Security update for libvirt (moderate)

ID OPENSUSE-SU-2019:1294-1
Type suse
Reporter Suse
Modified 2019-04-29T15:12:00


This update for libvirt fixes the following issues:

Security issues fixed:

  • CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).
  • CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595).

Other issue addressed:

  • cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955)
  • libxl: save current memory value after successful balloon (bsc#1120813).
  • libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).
  • conf: add new 'xenbus' controller type

This update was imported from the SUSE:SLE-12-SP3:Update update project.