{"affected":[{"ecosystem_specific":{"binaries":[{"libvirt":"1.2.5-27.13.1","libvirt-client":"1.2.5-27.13.1","libvirt-daemon":"1.2.5-27.13.1","libvirt-daemon-config-network":"1.2.5-27.13.1","libvirt-daemon-config-nwfilter":"1.2.5-27.13.1","libvirt-daemon-driver-interface":"1.2.5-27.13.1","libvirt-daemon-driver-libxl":"1.2.5-27.13.1","libvirt-daemon-driver-lxc":"1.2.5-27.13.1","libvirt-daemon-driver-network":"1.2.5-27.13.1","libvirt-daemon-driver-nodedev":"1.2.5-27.13.1","libvirt-daemon-driver-nwfilter":"1.2.5-27.13.1","libvirt-daemon-driver-qemu":"1.2.5-27.13.1","libvirt-daemon-driver-secret":"1.2.5-27.13.1","libvirt-daemon-driver-storage":"1.2.5-27.13.1","libvirt-daemon-lxc":"1.2.5-27.13.1","libvirt-daemon-qemu":"1.2.5-27.13.1","libvirt-daemon-xen":"1.2.5-27.13.1","libvirt-doc":"1.2.5-27.13.1","libvirt-lock-sanlock":"1.2.5-27.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libvirt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885).\n- CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625).\n- CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500).\n- CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527).\n- CVE-2017-5715: Fix speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869).\n\nBug fixes:\n\n- bsc#980558: Fix NUMA node memory allocation.\n- bsc#968483: Restart daemons in %posttrans after connection drivers.\n- bsc#897352: Systemd fails to ignore LSB services.\n- bsc#956298: virsh domxml-to-native causes segfault of libvirtd.\n- bsc#964465: libvirtd.service causes systemd warning about xencommons service.\n- bsc#954872: Script block-dmmd not working as expected.\n- bsc#854343: libvirt installation run inappropriate systemd restart.\n","id":"SUSE-SU-2018:2141-1","modified":"2018-07-30T16:11:30Z","published":"2018-07-30T16:11:30Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182141-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1076500"},{"type":"REPORT","url":"https://bugzilla.suse.com/1079869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083625"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092885"},{"type":"REPORT","url":"https://bugzilla.suse.com/854343"},{"type":"REPORT","url":"https://bugzilla.suse.com/897352"},{"type":"REPORT","url":"https://bugzilla.suse.com/954872"},{"type":"REPORT","url":"https://bugzilla.suse.com/956298"},{"type":"REPORT","url":"https://bugzilla.suse.com/964465"},{"type":"REPORT","url":"https://bugzilla.suse.com/968483"},{"type":"REPORT","url":"https://bugzilla.suse.com/980558"},{"type":"REPORT","url":"https://bugzilla.suse.com/987527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5715"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3639"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5748"}],"related":["CVE-2016-5008","CVE-2017-5715","CVE-2018-1064","CVE-2018-3639","CVE-2018-5748"],"summary":"Security update for libvirt","upstream":["CVE-2016-5008","CVE-2017-5715","CVE-2018-1064","CVE-2018-3639","CVE-2018-5748"]}