SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2019:0936-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.0936.1

Category: SuSE Local Security Checks

Title: SUSE: Security Advisory (SUSE-SU-2019:0936-1)

Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the SUSE-SU-2019:0936-1 advisory.

Description: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the SUSE-SU-2019:0936-1 advisory.

Vulnerability Insight:
This update for libvirt provides the following fixes:

Security issue fixed:
CVE-2019-3840: Fixed a null pointer dereference vulnerability in
virJSONValueObjectHasKey function which could have resulted in a remote
denial of service via the guest agent (bsc#1127458).

Other issues addressed:
apparmor: reintroduce upstream lxc mount rules (bsc#1130129).

hook: encode incoming XML to UTF-8 before passing to lxml etree from
string method (bsc#1123642).

supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667).

libxl: support Xen's max_grant_frames setting with maxGrantFrames
attribute on the xenbus controller (bsc#1126325).

conf: added new 'xenbus' controller type

util: skip RDMA detection for non-PCI network devices (bsc#1112182).

qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665).

qemu: fix issues related to restricted permissions on
/dev/sev(bsc#1102604).

apparmor: add support for named profiles (bsc#1118952).

libxl: save current memory value after successful balloon (bsc#1120813).

apparmor: Fix ptrace rules. (bsc#1117058)

libxl: Add support for soft reset. (bsc#1081516)

libxl: Fix VM migration on busy hosts. (bsc#1108086)

qemu: Add support for SEV guests. (fate#325817)

util: Don't check for parallel iteration in hash-related functions.
(bsc#1106420)

spec: Don't restart libvirt-guests when updating libvirt-client.
(bsc#1104662)

Fix virNodeGetSEVInfo API crashing libvirtd on AMD SEV enabled hosts.
(bsc#1108395)

Affected Software/OS:
'libvirt' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Server Applications 15.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-3840
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/
RedHat Security Advisories: RHSA-2019:2294
https://access.redhat.com/errata/RHSA-2019:2294
SuSE Security Announcement: openSUSE-SU-2019:1288 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html
SuSE Security Announcement: openSUSE-SU-2019:1294 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html

Copyright Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.4.2019.0936.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2019:0936-1)
Summary:	The remote host is missing an update for the 'libvirt' package(s) announced via the SUSE-SU-2019:0936-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the SUSE-SU-2019:0936-1 advisory. Vulnerability Insight: This update for libvirt provides the following fixes: Security issue fixed: CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues addressed: apparmor: reintroduce upstream lxc mount rules (bsc#1130129). hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642). supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667). libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). conf: added new 'xenbus' controller type util: skip RDMA detection for non-PCI network devices (bsc#1112182). qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604). apparmor: add support for named profiles (bsc#1118952). libxl: save current memory value after successful balloon (bsc#1120813). apparmor: Fix ptrace rules. (bsc#1117058) libxl: Add support for soft reset. (bsc#1081516) libxl: Fix VM migration on busy hosts. (bsc#1108086) qemu: Add support for SEV guests. (fate#325817) util: Don't check for parallel iteration in hash-related functions. (bsc#1106420) spec: Don't restart libvirt-guests when updating libvirt-client. (bsc#1104662) Fix virNodeGetSEVInfo API crashing libvirtd on AMD SEV enabled hosts. (bsc#1108395) Affected Software/OS: 'libvirt' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Server Applications 15. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-3840 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/ RedHat Security Advisories: RHSA-2019:2294 https://access.redhat.com/errata/RHSA-2019:2294 SuSE Security Announcement: openSUSE-SU-2019:1288 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html SuSE Security Announcement: openSUSE-SU-2019:1294 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
Copyright	Copyright (C) 2021 Greenbone AG