[SECURITY] Fedora 27 Update: libvirt-3.7.0-6.fc27
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-2b053454a4
2018-08-01 17:54:21.486095
--------------------------------------------------------------------------------
Name : libvirt
Product : Fedora 27
Version : 3.7.0
Release : 6.fc27
URL : https://libvirt.org/
Summary : Library providing a simple virtualization API
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.
--------------------------------------------------------------------------------
Update Information:
* nwfilter: increase pcap buffer size to be compatible with TPACKET_V3 (bz
#1547237) ---- Add new CPU features for CVE-2017-5715 and CVE-2018-3639 On
Intel x86 hosts, the "ssbd" feature must be explicitly added to any virtual
machines that are not using host-passthrough/host-model CPU setup. NB this
requires new microcode too, which is not yet available in Fedora microcode_ctl
RPMs. New "-IBRS"CPU models are provided for the Spectre fix, though it is
possible to just use the "spec-ctrl" feature with existing models On AMD x86
hosts, the "virt-ssbd" feature must be explicitly added to any virtual machines
that are not using host-passthrough /host-model CPU setup. There is no microcode
dependency for AMD as this is a virtualized CPUID feature. New "-IBPB" CPU
models are provided for the Spectre fix, though it is possible to just use the
"ibpb" feature with existing models In both cases, kernel >= 4.16.10-201 is
required on the host and guest in order to activate the fix. QEMU >=
qemu-2.10.1-4.fc27 is also required on the host
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 3 2018 Cole Robinson <crobinso(a)redhat.com> - 3.7.0-6
- nwfilter: increase pcap buffer size to be compatible with TPACKET_V3 (bz
* Wed Jun 20 2018 Daniel P. Berrang�� <berrange(a)redhat.com> - 3.7.0-5
- Add new CPU features for CVE-2017-5715 and CVE-2018-3639
* Tue Feb 13 2018 Cole Robinson <crobinso(a)redhat.com> - 3.7.0-4
- CVE-2018-5748: resource exhaustion via qemuMonitorIORead() (bz #1535785)
- CVE-2018-6764: code injection via libvirt_lxc (bz #1542815)
- Fix hotplug disk failure (bz #1540872)
* Mon Dec 4 2017 Cole Robinson <crobinso(a)redhat.com> - 3.7.0-3
- CVE-2017-1000256: libvirt: TLS certificate verification disabled for
clients (bz #1503687)
- Fix qemu image locking with shared disks (bz #1513447)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1566890
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-2b053454a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------