ID

VAR-201805-0963

CVE

CVE-2018-3639

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. 7.2) - x86_64 3. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system might be required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact. In this update, mitigation for PowerPC architecture is provided. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3449601 4. Bugs fixed (https://bugzilla.redhat.com/): 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libvirt security and bug fix update Advisory ID: RHSA-2018:1997-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1997 Issue date: 2018-06-26 CVE Names: CVE-2018-3639 ===================================================================== 1. Summary: An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue. Bug Fix(es): * Previously, the virtlogd service logged redundant AVC denial errors when a guest virtual machine was started. With this update, the virtlogd service no longer attempts to send shutdown inhibition calls to systemd, which prevents the described errors from occurring. (BZ#1573268) * Prior to this update, guest virtual machine actions that use a python library in some cases failed and "Hash operation not allowed during iteration" error messages were logged. Several redundant thread access checks have been removed, and the problem no longer occurs. (BZ#1581364) * The "virsh capabilities" command previously displayed an inaccurate number of 4 KiB memory pages on systems with very large amounts of memory. This update optimizes the memory diagnostic mechanism to ensure memory page numbers are displayed correctly on such systems. (BZ#1582418) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, libvirtd will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 1573268 - Got lots OVS daemon ERRs while starting a OVS-dpdk guest [rhel-7.5.z] 1581364 - Hash operation not allowed during iteration [rhel-7.5.z] 1582418 - virsh capabilities reports invalid values for 4K pages [rhel-7.5.z] 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libvirt-3.9.0-14.el7_5.6.src.rpm x86_64: libvirt-3.9.0-14.el7_5.6.x86_64.rpm libvirt-client-3.9.0-14.el7_5.6.i686.rpm libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.6.i686.rpm libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.6.i686.rpm libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.6.i686.rpm libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libvirt-3.9.0-14.el7_5.6.src.rpm x86_64: libvirt-client-3.9.0-14.el7_5.6.i686.rpm libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.6.i686.rpm libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libvirt-3.9.0-14.el7_5.6.x86_64.rpm libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.6.i686.rpm libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.6.i686.rpm libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libvirt-3.9.0-14.el7_5.6.src.rpm ppc64: libvirt-3.9.0-14.el7_5.6.ppc64.rpm libvirt-client-3.9.0-14.el7_5.6.ppc.rpm libvirt-client-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.ppc64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64.rpm libvirt-devel-3.9.0-14.el7_5.6.ppc.rpm libvirt-devel-3.9.0-14.el7_5.6.ppc64.rpm libvirt-docs-3.9.0-14.el7_5.6.ppc64.rpm libvirt-libs-3.9.0-14.el7_5.6.ppc.rpm libvirt-libs-3.9.0-14.el7_5.6.ppc64.rpm ppc64le: libvirt-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-client-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-devel-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-docs-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-libs-3.9.0-14.el7_5.6.ppc64le.rpm s390x: libvirt-3.9.0-14.el7_5.6.s390x.rpm libvirt-client-3.9.0-14.el7_5.6.s390.rpm libvirt-client-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm libvirt-devel-3.9.0-14.el7_5.6.s390.rpm libvirt-devel-3.9.0-14.el7_5.6.s390x.rpm libvirt-docs-3.9.0-14.el7_5.6.s390x.rpm libvirt-libs-3.9.0-14.el7_5.6.s390.rpm libvirt-libs-3.9.0-14.el7_5.6.s390x.rpm x86_64: libvirt-3.9.0-14.el7_5.6.x86_64.rpm libvirt-client-3.9.0-14.el7_5.6.i686.rpm libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.6.i686.rpm libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.6.i686.rpm libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: libvirt-3.9.0-14.el7_5.6.src.rpm ppc64le: libvirt-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-client-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-devel-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-docs-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-libs-3.9.0-14.el7_5.6.ppc64le.rpm s390x: libvirt-3.9.0-14.el7_5.6.s390x.rpm libvirt-client-3.9.0-14.el7_5.6.s390.rpm libvirt-client-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm libvirt-devel-3.9.0-14.el7_5.6.s390.rpm libvirt-devel-3.9.0-14.el7_5.6.s390x.rpm libvirt-docs-3.9.0-14.el7_5.6.s390x.rpm libvirt-libs-3.9.0-14.el7_5.6.s390.rpm libvirt-libs-3.9.0-14.el7_5.6.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libvirt-admin-3.9.0-14.el7_5.6.ppc64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.ppc64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.ppc64.rpm libvirt-login-shell-3.9.0-14.el7_5.6.ppc64.rpm libvirt-nss-3.9.0-14.el7_5.6.ppc.rpm libvirt-nss-3.9.0-14.el7_5.6.ppc64.rpm ppc64le: libvirt-admin-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-login-shell-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-nss-3.9.0-14.el7_5.6.ppc64le.rpm s390x: libvirt-admin-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.s390x.rpm libvirt-login-shell-3.9.0-14.el7_5.6.s390x.rpm libvirt-nss-3.9.0-14.el7_5.6.s390.rpm libvirt-nss-3.9.0-14.el7_5.6.s390x.rpm x86_64: libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.6.i686.rpm libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: libvirt-3.9.0-14.el7_5.6.src.rpm aarch64: libvirt-3.9.0-14.el7_5.6.aarch64.rpm libvirt-admin-3.9.0-14.el7_5.6.aarch64.rpm libvirt-client-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.aarch64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.aarch64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.aarch64.rpm libvirt-devel-3.9.0-14.el7_5.6.aarch64.rpm libvirt-docs-3.9.0-14.el7_5.6.aarch64.rpm libvirt-libs-3.9.0-14.el7_5.6.aarch64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.aarch64.rpm libvirt-login-shell-3.9.0-14.el7_5.6.aarch64.rpm libvirt-nss-3.9.0-14.el7_5.6.aarch64.rpm ppc64le: libvirt-admin-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-login-shell-3.9.0-14.el7_5.6.ppc64le.rpm libvirt-nss-3.9.0-14.el7_5.6.ppc64le.rpm s390x: libvirt-admin-3.9.0-14.el7_5.6.s390x.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.s390x.rpm libvirt-login-shell-3.9.0-14.el7_5.6.s390x.rpm libvirt-nss-3.9.0-14.el7_5.6.s390.rpm libvirt-nss-3.9.0-14.el7_5.6.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libvirt-3.9.0-14.el7_5.6.src.rpm x86_64: libvirt-3.9.0-14.el7_5.6.x86_64.rpm libvirt-client-3.9.0-14.el7_5.6.i686.rpm libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.6.i686.rpm libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.6.i686.rpm libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.6.i686.rpm libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWzJvUNzjgjWX9erEAQhM7Q//dJJlEn74Ogpv7vEy8qRfpLL5GaV2zei9 bJqJG8snN3JXlW8a1oZAl2XEclyXu4w0b8zfDrpVjimhwgQU5cSbWcd9g24S65mq fLFfmZQH5og5ooTxXWzaAaDhF0fLwFUHCX2H38PfaLuDPjRsqLZpKcsRNyKT391o p2OCI/JR3A+1oVVU+L16B3jSb7x7BnhqfOUD6gXusIfe5ofSB4xevZ5LEwC0+c1c Zb8ntSJBGB7XJ03I+5+7F40J6K6bEYJ1TiI8tEFU/iZ9tq/y7AgoWT5+1daMZ06s cMKsBJ8hHgGU5tKJBtegZGsYgAQUBoA9pV1WxUkth+/STFfdp84EiOanisp3DROE Rz52wQ8UON44mgMmR5v4UpN3ZYunIkOQzU2CIIXRgmYeZgJ9uo7CKs7QkebPE4MP zrYrVy/k+2+bC9sL2PiCD+LAHZY3ZJQaBBHuDpqM8w+Vxwy7I1jgcLvM8rMaqDfi qnbMP314OiTC7YQAX//WkyHbnrPNoxAwRDZ85vNCUDX9WyAVIYHOn9LHNJNcskif Xy9Zu83+yVqTsMZwddAQynCdIpmaYIJNnEKCDm5sRU0pmfcfMzcP28tITPDEBl/p e+XFQrJzDiSSF4nCL9BKULZjODQOs+t0/ING1sJ1zX2lZ+2sQh77dfWFYB5+cG3v RpvefCAYCMU= =b59R -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ#1574592) 4. Bugs fixed (https://bugzilla.redhat.com/): 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 1575065 - CVE-2018-10675 kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial-of-service or other unspecified impact 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 1596094 - CVE-2018-10872 kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) 6. ========================================================================== Ubuntu Security Notice USN-3653-1 May 22, 2018 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 Summary: Several security issues were addressed in the Linux kernel. (CVE-2018-3639) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: linux-image-4.13.0-43-generic 4.13.0-43.48 linux-image-4.13.0-43-generic-lpae 4.13.0-43.48 linux-image-4.13.0-43-lowlatency 4.13.0-43.48 linux-image-generic 4.13.0.43.46 linux-image-generic-lpae 4.13.0.43.46 linux-image-lowlatency 4.13.0.43.46 Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4) may require corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the SSBD feature is required to enable the kernel mitigations. BIOS vendors will be making updates available for Intel processors that implement SSBD and Ubuntu is working with Intel to provide future microcode updates. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu provided corresponding QEMU updates for users of self-hosted virtual environments in USN 3651-1. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. Relevant releases/architectures: RHV-M 4.2 - noarch 3. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhvm-setup-plugins (4.2.9). Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). This vulnerability is also known as Rogue System Register Read (RSRE). Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Once all virtual machines have shut down, start them again for this update to take effect

IOT TAXONOMY

AFFECTED PRODUCTS