{"affected":[],"aliases":[],"details":"\nThis collective update for KVM and libvirt provides fixes for security and \nnon-security issues.\n\nkvm:\n\n    * Fix NULL pointer dereference because of uninitialized UDP socket.\n      (bsc#897654, CVE-2014-3640)\n    * Fix performance degradation after migration. (bsc#878350)\n    * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag\n      in FS_IOC_FIEMAP ioctl. (bsc#908381)\n    * Add validate hex properties for qdev. (bsc#852397)\n    * Add boot option to do strict boot (bsc#900084)\n    * Add query-command-line-options QMP command. (bsc#899144)\n    * Fix incorrect return value of migrate_cancel. (bsc#843074)\n    * Fix insufficient parameter validation during ram load. (bsc#905097,\n      CVE-2014-7840)\n    * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805,\n      CVE-2014-8106)\n\nlibvirt:\n\n    * Fix security hole with migratable flag in dumpxml. (bsc#904176,\n      CVE-2014-7823)\n    * Fix domain deadlock. (bsc#899484, CVE-2014-3657)\n    * Use correct definition when looking up disk in qemu blkiotune.\n      (bsc#897783, CVE-2014-3633)\n    * Fix undefined symbol when starting virtlockd. (bsc#910145)\n    * Add '-boot strict' to qemu's commandline whenever possible.\n      (bsc#900084)\n    * Add support for 'reboot-timeout' in qemu. (bsc#899144)\n    * Increase QEMU's monitor timeout to 30sec. (bsc#911742)\n    * Allow setting QEMU's migration max downtime any time. (bsc#879665)\n\nSecurity Issues:\n\n    * CVE-2014-7823\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823>\n    * CVE-2014-3657\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657>\n    * CVE-2014-3633\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633>\n    * CVE-2014-3640\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640>\n    * CVE-2014-7840\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840>\n    * CVE-2014-8106\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106>\n\n","id":"SUSE-SU-2015:0357-1","modified":"2015-01-23T01:22:37Z","published":"2015-01-23T01:22:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150357-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/843074"},{"type":"REPORT","url":"https://bugzilla.suse.com/852397"},{"type":"REPORT","url":"https://bugzilla.suse.com/878350"},{"type":"REPORT","url":"https://bugzilla.suse.com/879665"},{"type":"REPORT","url":"https://bugzilla.suse.com/897654"},{"type":"REPORT","url":"https://bugzilla.suse.com/897783"},{"type":"REPORT","url":"https://bugzilla.suse.com/899144"},{"type":"REPORT","url":"https://bugzilla.suse.com/899484"},{"type":"REPORT","url":"https://bugzilla.suse.com/900084"},{"type":"REPORT","url":"https://bugzilla.suse.com/904176"},{"type":"REPORT","url":"https://bugzilla.suse.com/905097"},{"type":"REPORT","url":"https://bugzilla.suse.com/907805"},{"type":"REPORT","url":"https://bugzilla.suse.com/908381"},{"type":"REPORT","url":"https://bugzilla.suse.com/910145"},{"type":"REPORT","url":"https://bugzilla.suse.com/911742"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3633"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3640"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3657"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8106"}],"related":["CVE-2014-3633","CVE-2014-3640","CVE-2014-3657","CVE-2014-7823","CVE-2014-7840","CVE-2014-8106"],"summary":"Security update for kvm and libvirt","upstream":["CVE-2014-3633","CVE-2014-3640","CVE-2014-3657","CVE-2014-7823","CVE-2014-7840","CVE-2014-8106"]}