ID

VAR-201805-0963

CVE

CVE-2018-3639

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Has speculative execution function CPU Is vulnerable to a cache-side channel attack. "Variant 4" Or "SpectreNG" It is called. Has speculative execution function CPU The following vulnerabilities have been reported that perform cache timing side-channel attacks against. * CVE-2018-3639 (Variant 4 "SpectreNG") : Speculative Store Bypass (SSB) * CVE-2018-3640 (Variant 3a) : Rogue System Register Read (RSRE) For more information, Project Zero <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1528">bug report</a> , Intel security advisory <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html">INTEL-SA-00115</a> and ARM <a href="https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability">whitepaper</a> Please refer to. This vulnerability has been announced in the past <a href="https://www.kb.cert.org/vuls/id/584653"> Vulnerability </a> CVE-2017-5753 (Variant 1 "Spectre") , CVE-2017-5715 (Variant 2 "Spectre") , CVE-2017-5754 (Variant 3 "Meltdown") To be similar to "SpectreNG" It is reported with the name.By using a cache timing side channel attack, a third party who can access as a local user may be able to read arbitrary privilege data or system register values. CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. 7) - aarch64, noarch, ppc64le, s390x 3. Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. 7.3) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system might be required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact. In this update, mitigation for PowerPC architecture is provided. * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3461451 4. 7) - aarch64, noarch, ppc64le 3. (CVE-2018-3639, aarch64) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. Bugs fixed (https://bugzilla.redhat.com/): 1516257 - CVE-2017-16648 kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c 1528312 - CVE-2017-17805 kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service 1528323 - CVE-2017-17806 kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service 1533909 - CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service 1539508 - CVE-2017-18075 kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service 1539706 - CVE-2018-5750 kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass 1541846 - CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet 1547824 - CVE-2018-1065 kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash 1548412 - CVE-2017-13166 kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service 1551565 - CVE-2017-18208 kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1553361 - CVE-2018-7757 kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c 1560777 - CVE-2018-1092 kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image 1560788 - CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image 1560793 - CVE-2018-1095 kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 1568744 - CVE-2018-1000200 kernel: NULL pointer dereference on OOM kill of large mlocked process 1571062 - CVE-2018-8781 kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space 1571623 - CVE-2018-10322 kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service 1573699 - CVE-2018-1118 kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() 1575472 - CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service 1577408 - CVE-2018-10940 kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c 1583210 - CVE-2018-11506 kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact 1589324 - CVE-2018-1000204 kernel: Infoleak caused by incorrect handling of the SG_IO ioctl 1590215 - CVE-2018-12232 kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor 1590799 - CVE-2018-5848 kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption 1596795 - CVE-2018-10877 kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image 1596802 - CVE-2018-10878 kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image 1596806 - CVE-2018-10879 kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file 1596812 - CVE-2018-10880 kernel: stack-out-of-bounds write in ext4_update_inline_data function 1596828 - CVE-2018-10881 kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image 1596842 - CVE-2018-10882 kernel: stack-out-of-bounds write infs/jbd2/transaction.c 1596846 - CVE-2018-10883 kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function 1599161 - CVE-2018-13405 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c 1622004 - CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto api. 1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report 1629636 - CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() 6. Relevant releases/architectures: RHV-M 4.2 - noarch 3. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhvm-setup-plugins (4.2.10). Bug Fix(es): * This update adds support for IBM POWER9 hypervisors with RHEL-ALT and POWER9 guests. It also adds support for POWER8 guests on a POWER9 hypervisor and live migration of POWER8 guests between POWER8 and POWER9 hypervisors. (BZ#1592320) 4. 7) - x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. (CVE-2018-3639) Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors. Once all virtual machines have shut down, start them again for this update to take effect. ========================================================================== Ubuntu Security Notice USN-3651-1 May 21, 2018 qemu update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Side channel execution mitigations were added to QEMU. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.2 qemu-system 1:2.11+dfsg-1ubuntu7.2 qemu-system-x86 1:2.11+dfsg-1ubuntu7.2 Ubuntu 17.10: qemu 1:2.10+dfsg-0ubuntu3.7 qemu-system 1:2.10+dfsg-0ubuntu3.7 qemu-system-x86 1:2.10+dfsg-0ubuntu3.7 Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.29 qemu-system 1:2.5+dfsg-5ubuntu10.29 qemu-system-x86 1:2.5+dfsg-5ubuntu10.29 Ubuntu 14.04 LTS: qemu 2.0.0+dfsg-2ubuntu1.42 qemu-system 2.0.0+dfsg-2ubuntu1.42 qemu-system-x86 2.0.0+dfsg-2ubuntu1.42 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libvirt security update Advisory ID: RHSA-2018:1632-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1632 Issue date: 2018-05-21 CVE Names: CVE-2018-3639 ===================================================================== 1. Summary: An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the libvirt side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, libvirtd will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libvirt-3.9.0-14.el7_5.5.src.rpm x86_64: libvirt-3.9.0-14.el7_5.5.x86_64.rpm libvirt-client-3.9.0-14.el7_5.5.i686.rpm libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.5.i686.rpm libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.5.i686.rpm libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.5.i686.rpm libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libvirt-3.9.0-14.el7_5.5.src.rpm x86_64: libvirt-client-3.9.0-14.el7_5.5.i686.rpm libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.5.i686.rpm libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libvirt-3.9.0-14.el7_5.5.x86_64.rpm libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.5.i686.rpm libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.5.i686.rpm libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libvirt-3.9.0-14.el7_5.5.src.rpm ppc64: libvirt-3.9.0-14.el7_5.5.ppc64.rpm libvirt-client-3.9.0-14.el7_5.5.ppc.rpm libvirt-client-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.ppc64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64.rpm libvirt-devel-3.9.0-14.el7_5.5.ppc.rpm libvirt-devel-3.9.0-14.el7_5.5.ppc64.rpm libvirt-docs-3.9.0-14.el7_5.5.ppc64.rpm libvirt-libs-3.9.0-14.el7_5.5.ppc.rpm libvirt-libs-3.9.0-14.el7_5.5.ppc64.rpm ppc64le: libvirt-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-client-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-devel-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-docs-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-libs-3.9.0-14.el7_5.5.ppc64le.rpm s390x: libvirt-3.9.0-14.el7_5.5.s390x.rpm libvirt-client-3.9.0-14.el7_5.5.s390.rpm libvirt-client-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm libvirt-devel-3.9.0-14.el7_5.5.s390.rpm libvirt-devel-3.9.0-14.el7_5.5.s390x.rpm libvirt-docs-3.9.0-14.el7_5.5.s390x.rpm libvirt-libs-3.9.0-14.el7_5.5.s390.rpm libvirt-libs-3.9.0-14.el7_5.5.s390x.rpm x86_64: libvirt-3.9.0-14.el7_5.5.x86_64.rpm libvirt-client-3.9.0-14.el7_5.5.i686.rpm libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.5.i686.rpm libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.5.i686.rpm libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: libvirt-3.9.0-14.el7_5.5.src.rpm ppc64le: libvirt-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-client-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-devel-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-docs-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-libs-3.9.0-14.el7_5.5.ppc64le.rpm s390x: libvirt-3.9.0-14.el7_5.5.s390x.rpm libvirt-client-3.9.0-14.el7_5.5.s390.rpm libvirt-client-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm libvirt-devel-3.9.0-14.el7_5.5.s390.rpm libvirt-devel-3.9.0-14.el7_5.5.s390x.rpm libvirt-docs-3.9.0-14.el7_5.5.s390x.rpm libvirt-libs-3.9.0-14.el7_5.5.s390.rpm libvirt-libs-3.9.0-14.el7_5.5.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libvirt-admin-3.9.0-14.el7_5.5.ppc64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.ppc64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.ppc64.rpm libvirt-login-shell-3.9.0-14.el7_5.5.ppc64.rpm libvirt-nss-3.9.0-14.el7_5.5.ppc.rpm libvirt-nss-3.9.0-14.el7_5.5.ppc64.rpm ppc64le: libvirt-admin-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-login-shell-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-nss-3.9.0-14.el7_5.5.ppc64le.rpm s390x: libvirt-admin-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.s390x.rpm libvirt-login-shell-3.9.0-14.el7_5.5.s390x.rpm libvirt-nss-3.9.0-14.el7_5.5.s390.rpm libvirt-nss-3.9.0-14.el7_5.5.s390x.rpm x86_64: libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.5.i686.rpm libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: libvirt-3.9.0-14.el7_5.5.src.rpm aarch64: libvirt-3.9.0-14.el7_5.5.aarch64.rpm libvirt-admin-3.9.0-14.el7_5.5.aarch64.rpm libvirt-client-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.aarch64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.aarch64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.aarch64.rpm libvirt-devel-3.9.0-14.el7_5.5.aarch64.rpm libvirt-docs-3.9.0-14.el7_5.5.aarch64.rpm libvirt-libs-3.9.0-14.el7_5.5.aarch64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.aarch64.rpm libvirt-login-shell-3.9.0-14.el7_5.5.aarch64.rpm libvirt-nss-3.9.0-14.el7_5.5.aarch64.rpm ppc64le: libvirt-admin-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-login-shell-3.9.0-14.el7_5.5.ppc64le.rpm libvirt-nss-3.9.0-14.el7_5.5.ppc64le.rpm s390x: libvirt-admin-3.9.0-14.el7_5.5.s390x.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.s390x.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.s390x.rpm libvirt-login-shell-3.9.0-14.el7_5.5.s390x.rpm libvirt-nss-3.9.0-14.el7_5.5.s390.rpm libvirt-nss-3.9.0-14.el7_5.5.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libvirt-3.9.0-14.el7_5.5.src.rpm x86_64: libvirt-3.9.0-14.el7_5.5.x86_64.rpm libvirt-client-3.9.0-14.el7_5.5.i686.rpm libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-devel-3.9.0-14.el7_5.5.i686.rpm libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm libvirt-libs-3.9.0-14.el7_5.5.i686.rpm libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm libvirt-nss-3.9.0-14.el7_5.5.i686.rpm libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/ssbd 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWwQp8NzjgjWX9erEAQgjIQ/9FPWlz6V6bfpte6N1MYXngwb3QURLtaya fu7q7WCq4GBE2+hqATKLzvpzqYD0wVWuiy2ayQ1TBmLd3Hh2m3fqKq9P/CH3A5Kl HrEvKmhOuCCbRYcGwdV2CibzCNleBONgfsd+jA0vcWuRYUWz8lY0HIHAW/jNZdwm tVGFGmlMPN6tH4cGGIGkG3fq3n2F1V/D4u7vzfOvZi6M4+F2guVDikEF6Vuf3EVf IqKLhrNAPclyE84BnMa6Ql+Jvlj9OUhMHcuft4GfipyJPKcFZD+RicJTBdZQbznr eL+gxRZ4yYOPwjOet0XjuHA+s9jAfi2f4W/+D8UPfOtjFa94D06mClB8IMaVq7sM 3gmyediv6zgEDLFDNGngvh+ords+SLHJZwpmryHjZ6kSGJcSABIL9vTx/oi2IOQf 0Gci5qHP0l//qASkC4Z/ttYdWpgC6AkjZyafS19CAJmCkzmsgNavAouf/ssfzJdI /FI8driEQVDu8Q2hiPOwPisJLW4rkT3F+gSsk5yoEroX21SQODUuKkZ9su+GliiZ ETZG53/W43SxO6VAfn1vW0toI/QuCu4pWjcDXx/fjuxlhWhOIzGwCCt2Z3DitOfc X5aLkw/Or4Jd78yemhOam5b9Gq6n9IFTh7sbuQ2ldd9zxRH0bwSG+nwmS/7/7jxq wQPA6w3E8hM= =GAQw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

IOT TAXONOMY

AFFECTED PRODUCTS