SUSE-SU-2015:0357-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150357-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0357-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0357-1
Related
Published
2015-01-23T01:22:37Z
Modified
2015-01-23T01:22:37Z
Summary
Security update for kvm and libvirt
Details

This collective update for KVM and libvirt provides fixes for security and non-security issues.

kvm:

* Fix NULL pointer dereference because of uninitialized UDP socket.
  (bsc#897654, CVE-2014-3640)
* Fix performance degradation after migration. (bsc#878350)
* Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag
  in FS_IOC_FIEMAP ioctl. (bsc#908381)
* Add validate hex properties for qdev. (bsc#852397)
* Add boot option to do strict boot (bsc#900084)
* Add query-command-line-options QMP command. (bsc#899144)
* Fix incorrect return value of migrate_cancel. (bsc#843074)
* Fix insufficient parameter validation during ram load. (bsc#905097,
  CVE-2014-7840)
* Fix insufficient blit region checks in qemu/cirrus. (bsc#907805,
  CVE-2014-8106)

libvirt:

* Fix security hole with migratable flag in dumpxml. (bsc#904176,
  CVE-2014-7823)
* Fix domain deadlock. (bsc#899484, CVE-2014-3657)
* Use correct definition when looking up disk in qemu blkiotune.
  (bsc#897783, CVE-2014-3633)
* Fix undefined symbol when starting virtlockd. (bsc#910145)
* Add '-boot strict' to qemu's commandline whenever possible.
  (bsc#900084)
* Add support for 'reboot-timeout' in qemu. (bsc#899144)
* Increase QEMU's monitor timeout to 30sec. (bsc#911742)
* Allow setting QEMU's migration max downtime any time. (bsc#879665)

Security Issues:

* CVE-2014-7823
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823>
* CVE-2014-3657
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657>
* CVE-2014-3633
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633>
* CVE-2014-3640
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640>
* CVE-2014-7840
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840>
* CVE-2014-8106
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106>
References

Affected packages