Security update for kvm and libvirt

SUSE Security Update: Security update for kvm and libvirt
Announcement ID: SUSE-SU-2015:0357-1
Rating: moderate
References: #843074 #852397 #878350 #879665 #897654 #897783 #899144 #899484 #900084 #904176 #905097 #907805 #908381 #910145 #911742
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP3
    		•

    An update that solves 6 vulnerabilities and has 9 fixes is now available. It includes two new package versions.

    Description:


    This collective update for KVM and libvirt provides fixes for security and
    non-security issues.

    kvm:

    * Fix NULL pointer dereference because of uninitialized UDP socket.
    (bsc#897654, CVE-2014-3640)
    * Fix performance degradation after migration. (bsc#878350)
    * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag
    in FS_IOC_FIEMAP ioctl. (bsc#908381)
    * Add validate hex properties for qdev. (bsc#852397)
    * Add boot option to do strict boot (bsc#900084)
    * Add query-command-line-options QMP command. (bsc#899144)
    * Fix incorrect return value of migrate_cancel. (bsc#843074)
    * Fix insufficient parameter validation during ram load. (bsc#905097,
    CVE-2014-7840)
    * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805,
    CVE-2014-8106)

    libvirt:

    * Fix security hole with migratable flag in dumpxml. (bsc#904176,
    CVE-2014-7823)
    * Fix domain deadlock. (bsc#899484, CVE-2014-3657)
    * Use correct definition when looking up disk in qemu blkiotune.
    (bsc#897783, CVE-2014-3633)
    * Fix undefined symbol when starting virtlockd. (bsc#910145)
    * Add "-boot strict" to qemu's commandline whenever possible.
    (bsc#900084)
    * Add support for "reboot-timeout" in qemu. (bsc#899144)
    * Increase QEMU's monitor timeout to 30sec. (bsc#911742)
    * Allow setting QEMU's migration max downtime any time. (bsc#879665)

    Security Issues:

    * CVE-2014-7823

    * CVE-2014-3657

    * CVE-2014-3633

    * CVE-2014-3640

    * CVE-2014-7840

    * CVE-2014-8106

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-kvm-libvirt-201412=10222
    • SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-kvm-libvirt-201412=10222
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-kvm-libvirt-201412=10222

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]:
      • libvirt-devel-1.0.5.9-0.19.3
    • SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.9]:
      • libvirt-devel-32bit-1.0.5.9-0.19.3
    • SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64) [New Version: 1.0.5.9]:
      • libvirt-devel-1.0.5.9-0.19.6
    • SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]:
      • libvirt-1.0.5.9-0.19.3
      • libvirt-client-1.0.5.9-0.19.3
      • libvirt-doc-1.0.5.9-0.19.3
      • libvirt-lock-sanlock-1.0.5.9-0.19.3
      • libvirt-python-1.0.5.9-0.19.3
    • SUSE Linux Enterprise Server 11 SP3 (ppc64 x86_64) [New Version: 1.0.5.9]:
      • libvirt-client-32bit-1.0.5.9-0.19.3
    • SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 1.4.2]:
      • kvm-1.4.2-0.21.4
    • SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 1.0.5.9 and 1.4.2]:
      • kvm-1.4.2-0.21.5
      • libvirt-client-32bit-1.0.5.9-0.19.5
    • SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 1.0.5.9]:
      • libvirt-1.0.5.9-0.19.6
      • libvirt-client-1.0.5.9-0.19.6
      • libvirt-doc-1.0.5.9-0.19.6
      • libvirt-lock-sanlock-1.0.5.9-0.19.6
      • libvirt-python-1.0.5.9-0.19.6
    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.9 and 1.4.2]:
      • kvm-1.4.2-0.21.4
      • libvirt-1.0.5.9-0.19.3
      • libvirt-client-1.0.5.9-0.19.3
      • libvirt-doc-1.0.5.9-0.19.3
      • libvirt-python-1.0.5.9-0.19.3
    • SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.9]:
      • libvirt-client-32bit-1.0.5.9-0.19.3

    References:

    • http://support.novell.com/security/cve/CVE-2014-3633.html
    • http://support.novell.com/security/cve/CVE-2014-3640.html
    • http://support.novell.com/security/cve/CVE-2014-3657.html
    • http://support.novell.com/security/cve/CVE-2014-7823.html
    • http://support.novell.com/security/cve/CVE-2014-7840.html
    • http://support.novell.com/security/cve/CVE-2014-8106.html
    • https://bugzilla.suse.com/843074
    • https://bugzilla.suse.com/852397
    • https://bugzilla.suse.com/878350
    • https://bugzilla.suse.com/879665
    • https://bugzilla.suse.com/897654
    • https://bugzilla.suse.com/897783
    • https://bugzilla.suse.com/899144
    • https://bugzilla.suse.com/899484
    • https://bugzilla.suse.com/900084
    • https://bugzilla.suse.com/904176
    • https://bugzilla.suse.com/905097
    • https://bugzilla.suse.com/907805
    • https://bugzilla.suse.com/908381
    • https://bugzilla.suse.com/910145
    • https://bugzilla.suse.com/911742
    • http://download.suse.com/patch/finder/?keywords=d3b9c3ae67669c31312322f9448e4225