Security update for kvm
Announcement ID: | SUSE-SU-2018:2650-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
This update for kvm fixes the following security issues:
- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735)
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223)
With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-kvm-13771=1
-
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-kvm-13771=1
Package List:
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586)
- kvm-1.4.2-60.15.2
-
SLES for SAP Applications 11-SP4 (x86_64)
- kvm-1.4.2-60.15.2
References:
- https://www.suse.com/security/cve/CVE-2018-11806.html
- https://www.suse.com/security/cve/CVE-2018-12617.html
- https://www.suse.com/security/cve/CVE-2018-3639.html
- https://bugzilla.suse.com/show_bug.cgi?id=1092885
- https://bugzilla.suse.com/show_bug.cgi?id=1096223
- https://bugzilla.suse.com/show_bug.cgi?id=1098735