Lucene search

K
oraclelinuxOracleLinuxELSA-2019-1580
HistoryJul 30, 2019 - 12:00 a.m.

virt:rhel security update

2019-07-3000:00:00
linux.oracle.com
27

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

libguestfs
[1:1.38.4-10.1.0.1]

  • Config supermin to use host yum.conf in ol8 [Orabug: 29319324]
  • Set DISTRO_ORACLE_LINUX correspeonding to ol
    [1:1.38.4-10.1]
  • Fix inspection of partition-less devices
    resolves: rhbz#1714747
    libssh2
    [1.8.0-7.el8_0.1]
  • fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
  • fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
  • fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
  • fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
    libvirt
    [4.5.0-23.3.0.1.el8]
  • added librbd1 as dependency (Keshav Sharma)
    [4.5.0-23.3.el8]
  • api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161)
  • api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166)
  • api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167)
  • api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168)
    qemu-kvm
    [2.12.0-64.el8.0.0.2]
  • Bump release version to fix the versioning problem (zstream release lower than ystream).
  • Resolves: bz#1704545
    (CVE-2018-12126 virt:rhel/qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-8.0.0.z])

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Related for ELSA-2019-1580