[SECURITY] Fedora 28 Update: libvirt-4.1.0-6.fc28

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-6e146a714c 2019-05-21 01:13:12.142107 -------------------------------------------------------------------------------- Name : libvirt Product : Fedora 28 Version : 4.1.0 Release : 6.fc28 URL : https://libvirt.org/ Summary : Library providing a simple virtualization API Description : Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. -------------------------------------------------------------------------------- Update Information: Define md-clear CPUID bit. Assuming an updated host kernel and microcode, the md-clear bit will be automatically exposed to guests using the QEMU "-cpu host" arg, or libvirt "host-model" or "host-passthrough" configurations. Guests using a named CPU model it must be manually updated to add this extra CPU feature. Resolves CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 -------------------------------------------------------------------------------- ChangeLog: * Tue May 14 2019 Daniel P. Berrang�� <berrange(a)redhat.com&gt; - 4.1.0-6 - Define md-clear CPUID bit - Resolves: rhbz #1709977 (CVE-2018-12126), rhbz #1709979 (CVE-2018-12127), rhbz #1709997 (CVE-2018-12130), rhbz #1709984 (CVE-2019-11091) * Thu Aug 23 2018 Cole Robinson <crobinso(a)redhat.com&gt; - 4.1.0-5 - Fix *LookupBy* APIs hash races (bz #1621471) - ESX: crash when user sets autostart flags to a domain (bz #1611921) * Tue Jul 3 2018 Cole Robinson <crobinso(a)redhat.com&gt; - 4.1.0-4 - Fix virtlockd-admin.socket syntax (bz #1586239) - nwfilter: increase pcap buffer size to be compatible with TPACKET_V3 (bz * Mon Jun 18 2018 Daniel P. Berrang�� <berrange(a)redhat.com&gt; - 4.1.0-3 - Add new CPU features for speculative store bypass (CVE-2018-3639) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) https://bugzilla.redhat.com/show_bug.cgi?id=1667782 [ 2 ] Bug #1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) https://bugzilla.redhat.com/show_bug.cgi?id=1646781 [ 3 ] Bug #1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) https://bugzilla.redhat.com/show_bug.cgi?id=1705312 [ 4 ] Bug #1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) https://bugzilla.redhat.com/show_bug.cgi?id=1646784 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-6e146a714c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------