Red Hat Product Errata RHSA-2018:3407 - Security Advisory
Issued:
2018-10-30
Updated:
2018-10-30

RHSA-2018:3407 - Security Advisory

Synopsis

Important: libvirt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2 x86_64

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

Red Hat Enterprise Linux Server - AUS 7.2

SRPM
libvirt-1.2.17-13.el7_2.9.src.rpm SHA-256: 11ddaa400d93163efc9859ef85fe9e7d0cdf0cdf9081a099d8e0bf4ab6d69a92
x86_64
libvirt-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 15352f7fa10e30e926bbbeb53201625251190b528a6987f262f535fd6064fb2f
libvirt-client-1.2.17-13.el7_2.9.i686.rpm SHA-256: 50eeef1e9cf18d32c20d2a436dedd61eee24a3c8df262b44a99903b5385d08aa
libvirt-client-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: a13f1f828b172f24abd327218f666d121a023672bc3f109ce159f53d52dc1615
libvirt-daemon-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: d056d56eb0eb3697b0eee7875aca8cce35e43f238c56f1e7780db2b9d34c6401
libvirt-daemon-config-network-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 942d3d1efc7ffdce6e77ad64b748cf2feb82d6ce7edef6586516516dd66da083
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c7d6983b69d06523c15035542c8cbbaa7b15254be2ce3ce2c8db0d632e375c54
libvirt-daemon-driver-interface-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: e1e4d0ab80f064a7ff9fa0d018ee64e7b22c78caef31a45f7b480706f68038ed
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: ae6e020a4ac3170a489bdcdac0a92d9c780b5c8b23876029d4f6b39c29757a3d
libvirt-daemon-driver-network-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: eb488b61fec0a473255aa1023e76fe096ee9022b42bc271677ae285c92253c5b
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: cb88e4b0d20737d388bbe0c2f0de796e0449b2b565028ae8239d2925c9df64c6
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: f9c0b2d8b3eec3f1e3bbfd870d7c39e5a3aa8f93a331d7c67a92f905814bffc8
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 0fb7aa5e7fe73efdf4547727d6d6095139577187f4939009971afa02e7143c2b
libvirt-daemon-driver-secret-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 1e6156bf01ba334a4712c1c45c3ad0fa94b062544428e187970a1a93638805ff
libvirt-daemon-driver-storage-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: ec5d6a5a430638984d35964a7850e7f74e036fccbcbe4d10cb3d36ba8735e296
libvirt-daemon-kvm-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 767caacf89386a46ce7a0be8592a38798d0f053251516547b37218cfa81e73c0
libvirt-daemon-lxc-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 3c6baec540375ca70a8529bd1147d0418d7638a0203a20a53a015d2ea63294f4
libvirt-debuginfo-1.2.17-13.el7_2.9.i686.rpm SHA-256: 1b22ff29eb8e3e5d15a7a43282fb71f36a0265459dfc8f240a39d2acc523c305
libvirt-debuginfo-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c371449a5702de64694d4a50c51047f27f2fec12566be6adc1b4a7ad273a166e
libvirt-debuginfo-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c371449a5702de64694d4a50c51047f27f2fec12566be6adc1b4a7ad273a166e
libvirt-devel-1.2.17-13.el7_2.9.i686.rpm SHA-256: 0e0180d31a1fe8bdf9eae64bc8be78ae13da3caa5df0785db92adff1fbdd3323
libvirt-devel-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: d0eaa9b45a4fc3876b78b31f2d129db9c86532e6b4b72e8c100742a69bd05a13
libvirt-docs-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 5aa964083f0e1acd1f7cf37db633fbe2bc2235e182a0b5f899816165768531d4
libvirt-lock-sanlock-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c45d79b45ccaa9fe5322ac62d8a53a2385533e619bcc521fbf0a5888998a65d0
libvirt-login-shell-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 531048ea8e65d4d378b9e92e3dd7eb55b9ed60bdb32225f5e539c27ec6dcfdfc

Red Hat Enterprise Linux Server - TUS 7.2

SRPM
libvirt-1.2.17-13.el7_2.9.src.rpm SHA-256: 11ddaa400d93163efc9859ef85fe9e7d0cdf0cdf9081a099d8e0bf4ab6d69a92
x86_64
libvirt-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 15352f7fa10e30e926bbbeb53201625251190b528a6987f262f535fd6064fb2f
libvirt-client-1.2.17-13.el7_2.9.i686.rpm SHA-256: 50eeef1e9cf18d32c20d2a436dedd61eee24a3c8df262b44a99903b5385d08aa
libvirt-client-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: a13f1f828b172f24abd327218f666d121a023672bc3f109ce159f53d52dc1615
libvirt-daemon-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: d056d56eb0eb3697b0eee7875aca8cce35e43f238c56f1e7780db2b9d34c6401
libvirt-daemon-config-network-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 942d3d1efc7ffdce6e77ad64b748cf2feb82d6ce7edef6586516516dd66da083
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c7d6983b69d06523c15035542c8cbbaa7b15254be2ce3ce2c8db0d632e375c54
libvirt-daemon-driver-interface-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: e1e4d0ab80f064a7ff9fa0d018ee64e7b22c78caef31a45f7b480706f68038ed
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: ae6e020a4ac3170a489bdcdac0a92d9c780b5c8b23876029d4f6b39c29757a3d
libvirt-daemon-driver-network-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: eb488b61fec0a473255aa1023e76fe096ee9022b42bc271677ae285c92253c5b
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: cb88e4b0d20737d388bbe0c2f0de796e0449b2b565028ae8239d2925c9df64c6
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: f9c0b2d8b3eec3f1e3bbfd870d7c39e5a3aa8f93a331d7c67a92f905814bffc8
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 0fb7aa5e7fe73efdf4547727d6d6095139577187f4939009971afa02e7143c2b
libvirt-daemon-driver-secret-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 1e6156bf01ba334a4712c1c45c3ad0fa94b062544428e187970a1a93638805ff
libvirt-daemon-driver-storage-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: ec5d6a5a430638984d35964a7850e7f74e036fccbcbe4d10cb3d36ba8735e296
libvirt-daemon-kvm-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 767caacf89386a46ce7a0be8592a38798d0f053251516547b37218cfa81e73c0
libvirt-daemon-lxc-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 3c6baec540375ca70a8529bd1147d0418d7638a0203a20a53a015d2ea63294f4
libvirt-debuginfo-1.2.17-13.el7_2.9.i686.rpm SHA-256: 1b22ff29eb8e3e5d15a7a43282fb71f36a0265459dfc8f240a39d2acc523c305
libvirt-debuginfo-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c371449a5702de64694d4a50c51047f27f2fec12566be6adc1b4a7ad273a166e
libvirt-debuginfo-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c371449a5702de64694d4a50c51047f27f2fec12566be6adc1b4a7ad273a166e
libvirt-devel-1.2.17-13.el7_2.9.i686.rpm SHA-256: 0e0180d31a1fe8bdf9eae64bc8be78ae13da3caa5df0785db92adff1fbdd3323
libvirt-devel-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: d0eaa9b45a4fc3876b78b31f2d129db9c86532e6b4b72e8c100742a69bd05a13
libvirt-docs-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 5aa964083f0e1acd1f7cf37db633fbe2bc2235e182a0b5f899816165768531d4
libvirt-lock-sanlock-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c45d79b45ccaa9fe5322ac62d8a53a2385533e619bcc521fbf0a5888998a65d0
libvirt-login-shell-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 531048ea8e65d4d378b9e92e3dd7eb55b9ed60bdb32225f5e539c27ec6dcfdfc

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2

SRPM
libvirt-1.2.17-13.el7_2.9.src.rpm SHA-256: 11ddaa400d93163efc9859ef85fe9e7d0cdf0cdf9081a099d8e0bf4ab6d69a92
x86_64
libvirt-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 15352f7fa10e30e926bbbeb53201625251190b528a6987f262f535fd6064fb2f
libvirt-client-1.2.17-13.el7_2.9.i686.rpm SHA-256: 50eeef1e9cf18d32c20d2a436dedd61eee24a3c8df262b44a99903b5385d08aa
libvirt-client-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: a13f1f828b172f24abd327218f666d121a023672bc3f109ce159f53d52dc1615
libvirt-daemon-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: d056d56eb0eb3697b0eee7875aca8cce35e43f238c56f1e7780db2b9d34c6401
libvirt-daemon-config-network-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 942d3d1efc7ffdce6e77ad64b748cf2feb82d6ce7edef6586516516dd66da083
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c7d6983b69d06523c15035542c8cbbaa7b15254be2ce3ce2c8db0d632e375c54
libvirt-daemon-driver-interface-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: e1e4d0ab80f064a7ff9fa0d018ee64e7b22c78caef31a45f7b480706f68038ed
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: ae6e020a4ac3170a489bdcdac0a92d9c780b5c8b23876029d4f6b39c29757a3d
libvirt-daemon-driver-network-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: eb488b61fec0a473255aa1023e76fe096ee9022b42bc271677ae285c92253c5b
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: cb88e4b0d20737d388bbe0c2f0de796e0449b2b565028ae8239d2925c9df64c6
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: f9c0b2d8b3eec3f1e3bbfd870d7c39e5a3aa8f93a331d7c67a92f905814bffc8
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 0fb7aa5e7fe73efdf4547727d6d6095139577187f4939009971afa02e7143c2b
libvirt-daemon-driver-secret-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 1e6156bf01ba334a4712c1c45c3ad0fa94b062544428e187970a1a93638805ff
libvirt-daemon-driver-storage-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: ec5d6a5a430638984d35964a7850e7f74e036fccbcbe4d10cb3d36ba8735e296
libvirt-daemon-kvm-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 767caacf89386a46ce7a0be8592a38798d0f053251516547b37218cfa81e73c0
libvirt-daemon-lxc-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 3c6baec540375ca70a8529bd1147d0418d7638a0203a20a53a015d2ea63294f4
libvirt-debuginfo-1.2.17-13.el7_2.9.i686.rpm SHA-256: 1b22ff29eb8e3e5d15a7a43282fb71f36a0265459dfc8f240a39d2acc523c305
libvirt-debuginfo-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c371449a5702de64694d4a50c51047f27f2fec12566be6adc1b4a7ad273a166e
libvirt-debuginfo-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c371449a5702de64694d4a50c51047f27f2fec12566be6adc1b4a7ad273a166e
libvirt-devel-1.2.17-13.el7_2.9.i686.rpm SHA-256: 0e0180d31a1fe8bdf9eae64bc8be78ae13da3caa5df0785db92adff1fbdd3323
libvirt-devel-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: d0eaa9b45a4fc3876b78b31f2d129db9c86532e6b4b72e8c100742a69bd05a13
libvirt-docs-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 5aa964083f0e1acd1f7cf37db633fbe2bc2235e182a0b5f899816165768531d4
libvirt-lock-sanlock-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: c45d79b45ccaa9fe5322ac62d8a53a2385533e619bcc521fbf0a5888998a65d0
libvirt-login-shell-1.2.17-13.el7_2.9.x86_64.rpm SHA-256: 531048ea8e65d4d378b9e92e3dd7eb55b9ed60bdb32225f5e539c27ec6dcfdfc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.