openSUSE-SU-2019:1672-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1672-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1672-1

Related

Published

2019-06-30T19:03:42Z

Modified

2019-06-30T19:03:42Z

Summary

Security update for libvirt

Details

This update for libvirt fixes the following issues:

Security issues fixed:

CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).
CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).
CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).

Other issue addressed:

spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109).

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.0 / libvirt

Package

Name: libvirt
Purl: purl:rpm/suse/libvirt&distro=openSUSE%20Leap%2015.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.0-lp150.7.18.2

Ecosystem specific

{
    "binaries": [
        {
            "libvirt-daemon-driver-storage-rbd": "4.0.0-lp150.7.18.2",
            "libvirt-doc": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-interface": "4.0.0-lp150.7.18.2",
            "libvirt-lock-sanlock": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-secret": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-nodedev": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage-core": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-qemu": "4.0.0-lp150.7.18.2",
            "libvirt-admin": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-qemu": "4.0.0-lp150.7.18.2",
            "libvirt-devel": "4.0.0-lp150.7.18.2",
            "libvirt": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-hooks": "4.0.0-lp150.7.18.2",
            "libvirt-daemon": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage-disk": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-nwfilter": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-lxc": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-uml": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-libxl": "4.0.0-lp150.7.18.2",
            "wireshark-plugin-libvirt": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage-iscsi": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage-scsi": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-config-network": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage-logical": "4.0.0-lp150.7.18.2",
            "libvirt-nss": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-network": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-vbox": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-vbox": "4.0.0-lp150.7.18.2",
            "libvirt-devel-32bit": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-config-nwfilter": "4.0.0-lp150.7.18.2",
            "libvirt-libs": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-storage-mpath": "4.0.0-lp150.7.18.2",
            "libvirt-client": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-driver-lxc": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-uml": "4.0.0-lp150.7.18.2",
            "libvirt-daemon-xen": "4.0.0-lp150.7.18.2"
        }
    ]
}