File _patchinfo of Package patchinfo.9813

<patchinfo incident="9813">
  <issue tracker="bnc" id="1123642">When write some notes on Cyrillic in the Guest summary form for KVM and shutdown the guest then it can not start</issue>
  <issue tracker="bnc" id="1130129">apparmor confined libvirt containers fail to start</issue>
  <issue tracker="bnc" id="1124667">L3: after to-migrate leftover qemu process with 100% cpu load, although VirtualDomain says exit 0</issue>
  <issue tracker="bnc" id="1126325">L3: No way to set max_grant_frames for domUs via libvirt</issue>
  <issue tracker="bnc" id="1112182">[SLES15] VxLAN macvtap interface is not listing in virt-manager GUI in SLES15 OS</issue>
  <issue tracker="bnc" id="1127458">VUL-0: CVE-2019-3840: libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function</issue>
  <issue tracker="bnc" id="1125665">libvirt regression: can't start domains in qemu:///session -- prctl failed to enable 'dac_override' in the AMBIENT set</issue>
  <issue tracker="bnc" id="1118952">AppArmor profile update</issue>
  <issue tracker="bnc" id="1081516">Crash kexec not working in Xen HVM domains created by libvirt</issue>
  <issue tracker="bnc" id="1117058">libvirt needs updated apparmor profile</issue>
  <issue tracker="bnc" id="1104662">zypper patch executes /usr/bin/systemctl try-restart libvirt-guests.service</issue>
  <issue tracker="bnc" id="1102604">root only permissions on sev device</issue>
  <issue tracker="bnc" id="1106420">libvirt-daemon error "virHashSearch:727 : Hash operation not allowed during iteration"</issue>
  <issue tracker="bnc" id="1108395">Calling the virNodeGetSEVInfo API will crash libvirtd on an AMD SEV enabled host</issue>
  <issue tracker="bnc" id="1120813">Virsh setmem  &#8211;config does not preserve memory settings on live migrate</issue>
  <issue tracker="bnc" id="1108086">Migration of Xen VMs via libvirt can fail on busy hosts</issue>
  <issue tracker="cve" id="2019-3840"/>
  <issue tracker="fate" id="325817"/>
  <category>security</category>
  <rating>important</rating>
  <packager>jfehlig</packager>
  <description>This update for libvirt provides the following fixes:

Security issue fixed: 

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could 
  have resulted in a remote denial of service via the guest agent (bsc#1127458).  

Other issues addressed: 

- apparmor: reintroduce upstream lxc mount rules (bsc#1130129).
- hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642).
- supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667).
- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).
- conf: added new 'xenbus' controller type
- util: skip RDMA detection for non-PCI network devices (bsc#1112182).
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665).
- qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604).
- apparmor: add support for named profiles (bsc#1118952).
- libxl: save current memory value after successful balloon (bsc#1120813).
- apparmor: Fix ptrace rules. (bsc#1117058)
- libxl: Add support for soft reset. (bsc#1081516)
- libxl: Fix VM migration on busy hosts. (bsc#1108086)
- qemu: Add support for SEV guests. (fate#325817)
- util: Don't check for parallel iteration in hash-related functions. (bsc#1106420)
- spec: Don't restart libvirt-guests when updating libvirt-client. (bsc#1104662)
- Fix virNodeGetSEVInfo API crashing libvirtd on AMD SEV enabled hosts. (bsc#1108395)
</description>
  <summary>Security update for libvirt</summary>
</patchinfo>