Security update for libvirt (moderate)

An update that solves two vulnerabilities and has three
fixes is now available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

• CVE-2019-3840: Fixed a null pointer dereference vulnerability in
  virJSONValueObjectHasKey function which could have resulted in a remote
  denial of service via the guest agent (bsc#1127458).
• CVE-2019-3886: Fixed an information leak which allowed to retrieve the
  guest hostname under readonly mode (bsc#1131595).

Other issue addressed:

• cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261,
  bsc#1131955)
• libxl: save current memory value after successful balloon (bsc#1120813).
• libxl: support Xen’s max_grant_frames setting with maxGrantFrames
  attribute on the xenbus controller (bsc#1126325).
• conf: add new ‘xenbus’ controller type

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2019-1294=1