SUSE-SU-2015:0357-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0357-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0357-1
- Related
- Published
- 2015-01-23T01:22:37Z
- Modified
- 2015-01-23T01:22:37Z
- Summary
- Security update for kvm and libvirt
- Details
-
This collective update for KVM and libvirt provides fixes for security and non-security issues.
kvm:
* Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640) * Fix performance degradation after migration. (bsc#878350) * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381) * Add validate hex properties for qdev. (bsc#852397) * Add boot option to do strict boot (bsc#900084) * Add query-command-line-options QMP command. (bsc#899144) * Fix incorrect return value of migrate_cancel. (bsc#843074) * Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840) * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106)libvirt:
* Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823) * Fix domain deadlock. (bsc#899484, CVE-2014-3657) * Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633) * Fix undefined symbol when starting virtlockd. (bsc#910145) * Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084) * Add support for 'reboot-timeout' in qemu. (bsc#899144) * Increase QEMU's monitor timeout to 30sec. (bsc#911742) * Allow setting QEMU's migration max downtime any time. (bsc#879665)Security Issues:
* CVE-2014-7823 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823> * CVE-2014-3657 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657> * CVE-2014-3633 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633> * CVE-2014-3640 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640> * CVE-2014-7840 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840> * CVE-2014-8106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150357-1/
- https://bugzilla.suse.com/843074
- https://bugzilla.suse.com/852397
- https://bugzilla.suse.com/878350
- https://bugzilla.suse.com/879665
- https://bugzilla.suse.com/897654
- https://bugzilla.suse.com/897783
- https://bugzilla.suse.com/899144
- https://bugzilla.suse.com/899484
- https://bugzilla.suse.com/900084
- https://bugzilla.suse.com/904176
- https://bugzilla.suse.com/905097
- https://bugzilla.suse.com/907805
- https://bugzilla.suse.com/908381
- https://bugzilla.suse.com/910145
- https://bugzilla.suse.com/911742
- https://www.suse.com/security/cve/CVE-2014-3633
- https://www.suse.com/security/cve/CVE-2014-3640
- https://www.suse.com/security/cve/CVE-2014-3657
- https://www.suse.com/security/cve/CVE-2014-7823
- https://www.suse.com/security/cve/CVE-2014-7840
- https://www.suse.com/security/cve/CVE-2014-8106