Description
Security update for libvirt
libvirt was updated to fix security issues and bugs.
These security issues were fixed:
- Fixed denial of service flaw in libvirt's virConnectListAllDomains() function (CVE-2014-3657).
- Information leak with flag VIR_DOMAIN_XML_MIGRATABLE (CVE-2014-7823).
- Local denial of service in qemu driver (CVE-2014-8136).
These non-security issues were fixed:
- Get /proc/sys/net/ipv[46] read-write for wicked to work in containers (bsc#904432).
- libxl: Several migration improvements (bsc#903756).
- libxl: allow libxl to find pygrub binary (bdo#770485).
- Fix Qemu AppArmor abstraction (bsc#904426).
- AppArmor confined kvm domains couldn't find the apparmor profile template (bnc#902976).
- Backport commit c110cdb2 to fix non-raw storage format error (bnc#900587).
- qemu: use systemd's TerminateMachine to kill all processes (bsc#899334).
- Transformed errors into warnings in detect_scsi_host_caps.
- Fix a missing cleanup for lxc containers.
- Adding network configuration to containers (bsc#904432).
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Workstation Extension 12
References
- Link for SUSE-SU-2015:0241-1
- E-Mail link for SUSE-SU-2015:0241-1
- SUSE Security Ratings
- SUSE Bug 891936
- SUSE Bug 899334
- SUSE Bug 899484
- SUSE Bug 900587
- SUSE Bug 902976
- SUSE Bug 903756
- SUSE Bug 904176
- SUSE Bug 904426
- SUSE Bug 904432
- SUSE Bug 909828
- SUSE Bug 910862
- SUSE Bug 911737
- SUSE CVE CVE-2014-3657 page
- SUSE CVE CVE-2014-7823 page
- SUSE CVE CVE-2014-8136 page
Description
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
Affected products
References
- CVE-2014-3657
- SUSE Bug 897783
- SUSE Bug 899484
Description
The virDomainGetXMLDesc API in libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
Affected products
References
- CVE-2014-7823
- SUSE Bug 904176
Description
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
Affected products
References
- CVE-2014-8136
- SUSE Bug 910862