File _patchinfo of Package patchinfo.11459

<patchinfo incident="11459">
  <issue tracker="bnc" id="1134348">VUL-0: CVE-2019-10132: libvirt: too lax systemd socket permissions</issue>
  <issue tracker="bnc" id="1136109">libvirt should require systemd-container</issue>
  <issue tracker="bnc" id="1135273">[Build227.1]libvirt missing "md-clear" flag support</issue>
  <issue tracker="bnc" id="1133229">libvirtd.service is enabling conntrack by default incurring performance overhead even when unused</issue>
  <issue tracker="bnc" id="1111331">VUL-0: CPU issues Q2 2019 aka "Microarchitectural Data Sampling (MDS)" aka ZombieLoadAttack / RIDL / Fallout</issue>
  <issue tracker="cve" id="2018-12127"/>
  <issue tracker="cve" id="2018-12126"/>
  <issue tracker="cve" id="2018-12130"/>
  <issue tracker="cve" id="2019-10132"/>
  <issue tracker="cve" id="2019-11091"/>
  <category>security</category>
  <rating>important</rating>
  <packager>jfehlig</packager>
  <description>
  
This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Security issues fixed:

- CVE-2019-10132: Reject clients unless their UID matches the server UID (bsc#1134348)

Non security issues fixed:

- delay global firewall setup if no networks are running (bsc#1133229)
- add systemd-container dependency to qemu and lxc drivers (bsc#1136109)

</description>
  <summary>Security update for libvirt</summary>
</patchinfo>