{"id":"SUSE-SU-2018:0838-1","summary":"Security update for libvirt","details":"This update for libvirt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869).\n- CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625).\n- CVE-2018-5748: Fixed possible denial of service when reading from QEMU monitor (bsc#1076500).\n\n\nNon-security issues fixed:\n\n- bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on SLES11 SP4.\n- bsc#1055365: Improve performance when listing hundreds of interfaces. \n","modified":"2026-02-04T02:15:41.852669Z","published":"2018-03-29T06:32:22Z","related":["CVE-2017-5715","CVE-2018-1064","CVE-2018-5748"],"upstream":["CVE-2017-5715","CVE-2018-1064","CVE-2018-5748"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180838-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055365"},{"type":"REPORT","url":"https://bugzilla.suse.com/1076500"},{"type":"REPORT","url":"https://bugzilla.suse.com/1079869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083061"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083625"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5715"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5748"}],"affected":[{"package":{"name":"libvirt","ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.5-23.6.1"}]}],"ecosystem_specific":{"binaries":[{"libvirt-devel-32bit":"1.2.5-23.6.1","libvirt-devel":"1.2.5-23.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0838-1.json"}},{"package":{"name":"libvirt","ecosystem":"SUSE:Linux Enterprise Server 11 SP4","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.5-23.6.1"}]}],"ecosystem_specific":{"binaries":[{"libvirt-client-32bit":"1.2.5-23.6.1","libvirt":"1.2.5-23.6.1","libvirt-lock-sanlock":"1.2.5-23.6.1","libvirt-doc":"1.2.5-23.6.1","libvirt-client":"1.2.5-23.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0838-1.json"}},{"package":{"name":"libvirt","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.5-23.6.1"}]}],"ecosystem_specific":{"binaries":[{"libvirt-client-32bit":"1.2.5-23.6.1","libvirt":"1.2.5-23.6.1","libvirt-lock-sanlock":"1.2.5-23.6.1","libvirt-doc":"1.2.5-23.6.1","libvirt-client":"1.2.5-23.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0838-1.json"}}],"schema_version":"1.7.3"}