{"affected":[{"ecosystem_specific":{"binaries":[{"libvirt":"2.0.0-27.54.1","libvirt-client":"2.0.0-27.54.1","libvirt-daemon":"2.0.0-27.54.1","libvirt-daemon-config-network":"2.0.0-27.54.1","libvirt-daemon-config-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-interface":"2.0.0-27.54.1","libvirt-daemon-driver-libxl":"2.0.0-27.54.1","libvirt-daemon-driver-lxc":"2.0.0-27.54.1","libvirt-daemon-driver-network":"2.0.0-27.54.1","libvirt-daemon-driver-nodedev":"2.0.0-27.54.1","libvirt-daemon-driver-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-qemu":"2.0.0-27.54.1","libvirt-daemon-driver-secret":"2.0.0-27.54.1","libvirt-daemon-driver-storage":"2.0.0-27.54.1","libvirt-daemon-hooks":"2.0.0-27.54.1","libvirt-daemon-lxc":"2.0.0-27.54.1","libvirt-daemon-qemu":"2.0.0-27.54.1","libvirt-daemon-xen":"2.0.0-27.54.1","libvirt-doc":"2.0.0-27.54.1","libvirt-lock-sanlock":"2.0.0-27.54.1","libvirt-nss":"2.0.0-27.54.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0-27.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"2.0.0-27.54.1","libvirt-client":"2.0.0-27.54.1","libvirt-daemon":"2.0.0-27.54.1","libvirt-daemon-config-network":"2.0.0-27.54.1","libvirt-daemon-config-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-interface":"2.0.0-27.54.1","libvirt-daemon-driver-libxl":"2.0.0-27.54.1","libvirt-daemon-driver-lxc":"2.0.0-27.54.1","libvirt-daemon-driver-network":"2.0.0-27.54.1","libvirt-daemon-driver-nodedev":"2.0.0-27.54.1","libvirt-daemon-driver-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-qemu":"2.0.0-27.54.1","libvirt-daemon-driver-secret":"2.0.0-27.54.1","libvirt-daemon-driver-storage":"2.0.0-27.54.1","libvirt-daemon-hooks":"2.0.0-27.54.1","libvirt-daemon-lxc":"2.0.0-27.54.1","libvirt-daemon-qemu":"2.0.0-27.54.1","libvirt-daemon-xen":"2.0.0-27.54.1","libvirt-doc":"2.0.0-27.54.1","libvirt-lock-sanlock":"2.0.0-27.54.1","libvirt-nss":"2.0.0-27.54.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0-27.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"2.0.0-27.54.1","libvirt-client":"2.0.0-27.54.1","libvirt-daemon":"2.0.0-27.54.1","libvirt-daemon-config-network":"2.0.0-27.54.1","libvirt-daemon-config-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-interface":"2.0.0-27.54.1","libvirt-daemon-driver-libxl":"2.0.0-27.54.1","libvirt-daemon-driver-lxc":"2.0.0-27.54.1","libvirt-daemon-driver-network":"2.0.0-27.54.1","libvirt-daemon-driver-nodedev":"2.0.0-27.54.1","libvirt-daemon-driver-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-qemu":"2.0.0-27.54.1","libvirt-daemon-driver-secret":"2.0.0-27.54.1","libvirt-daemon-driver-storage":"2.0.0-27.54.1","libvirt-daemon-hooks":"2.0.0-27.54.1","libvirt-daemon-lxc":"2.0.0-27.54.1","libvirt-daemon-qemu":"2.0.0-27.54.1","libvirt-daemon-xen":"2.0.0-27.54.1","libvirt-doc":"2.0.0-27.54.1","libvirt-lock-sanlock":"2.0.0-27.54.1","libvirt-nss":"2.0.0-27.54.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0-27.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"2.0.0-27.54.1","libvirt-client":"2.0.0-27.54.1","libvirt-daemon":"2.0.0-27.54.1","libvirt-daemon-config-network":"2.0.0-27.54.1","libvirt-daemon-config-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-interface":"2.0.0-27.54.1","libvirt-daemon-driver-libxl":"2.0.0-27.54.1","libvirt-daemon-driver-lxc":"2.0.0-27.54.1","libvirt-daemon-driver-network":"2.0.0-27.54.1","libvirt-daemon-driver-nodedev":"2.0.0-27.54.1","libvirt-daemon-driver-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-qemu":"2.0.0-27.54.1","libvirt-daemon-driver-secret":"2.0.0-27.54.1","libvirt-daemon-driver-storage":"2.0.0-27.54.1","libvirt-daemon-hooks":"2.0.0-27.54.1","libvirt-daemon-lxc":"2.0.0-27.54.1","libvirt-daemon-qemu":"2.0.0-27.54.1","libvirt-daemon-xen":"2.0.0-27.54.1","libvirt-doc":"2.0.0-27.54.1","libvirt-lock-sanlock":"2.0.0-27.54.1","libvirt-nss":"2.0.0-27.54.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0-27.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"2.0.0-27.54.1","libvirt-client":"2.0.0-27.54.1","libvirt-daemon":"2.0.0-27.54.1","libvirt-daemon-config-network":"2.0.0-27.54.1","libvirt-daemon-config-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-interface":"2.0.0-27.54.1","libvirt-daemon-driver-libxl":"2.0.0-27.54.1","libvirt-daemon-driver-lxc":"2.0.0-27.54.1","libvirt-daemon-driver-network":"2.0.0-27.54.1","libvirt-daemon-driver-nodedev":"2.0.0-27.54.1","libvirt-daemon-driver-nwfilter":"2.0.0-27.54.1","libvirt-daemon-driver-qemu":"2.0.0-27.54.1","libvirt-daemon-driver-secret":"2.0.0-27.54.1","libvirt-daemon-driver-storage":"2.0.0-27.54.1","libvirt-daemon-hooks":"2.0.0-27.54.1","libvirt-daemon-lxc":"2.0.0-27.54.1","libvirt-daemon-qemu":"2.0.0-27.54.1","libvirt-daemon-xen":"2.0.0-27.54.1","libvirt-doc":"2.0.0-27.54.1","libvirt-lock-sanlock":"2.0.0-27.54.1","libvirt-nss":"2.0.0-27.54.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0-27.54.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libvirt fixes the following issues:\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\n- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThese updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).\n\nFor more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nOther security issues fixed:\n\n- CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595).\n- qemu: Add support for using AES secret for SCSI hotplug\n","id":"SUSE-SU-2019:1438-1","modified":"2019-06-06T15:49:09Z","published":"2019-06-06T15:49:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191438-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111331"},{"type":"REPORT","url":"https://bugzilla.suse.com/1131595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135273"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3886"}],"related":["CVE-2018-12126","CVE-2018-12127","CVE-2018-12130","CVE-2019-11091","CVE-2019-3886"],"summary":"Security update for libvirt","upstream":["CVE-2018-12126","CVE-2018-12127","CVE-2018-12130","CVE-2019-11091","CVE-2019-3886"]}