Description
Security update for libvirt
libvirt was updated to fix one security issue and several non-security issues.
This security issue was fixed:
- CVE-2015-0236: libvirt allowed remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. (bsc#914693)
- CVE-2015-5313: a path traversal vulnerability allowed the libvirtd process to write arbitrary files into the file system using root permissions (bsc#953110)
These non-security issues were fixed:
- bsc#948686: Use PAUSED state for domains that are starting up.
- bsc#903757: Provide nodeGetSecurityModel implementation in libxl.
- bsc#938228: Set disk type to BLOCK when driver is not tap or file.
- bsc#948516: Fix profile_status to distinguish between errors and unconfined domains.
- bsc#936524: Fix error starting lxc containers with direct interfaces.
- bsc#921555: Fixed apparmor generated profile for PCI hostdevs.
- bsc#899334: Include additional upstream fixes for systemd TerminateMachine.
- bsc#921586: Fix security driver default settings in /etc/libvirt/qemu.conf.
- bsc#921355: Fixed a number of QEMU apparmor abstraction problems.
- bsc#911737: Additional fix for the case where security labels aren't automatically set.
- bsc#914297: Allow setting the URL of an SMT server to use in place of SCC.
- bsc#904432: Backported route definition changes.
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Workstation Extension 12
References
- Link for SUSE-SU-2016:0304-1
- E-Mail link for SUSE-SU-2016:0304-1
- SUSE Security Ratings
- SUSE Bug 899334
- SUSE Bug 903757
- SUSE Bug 904432
- SUSE Bug 911737
- SUSE Bug 914297
- SUSE Bug 914693
- SUSE Bug 921355
- SUSE Bug 921555
- SUSE Bug 921586
- SUSE Bug 936524
- SUSE Bug 938228
- SUSE Bug 948516
- SUSE Bug 948686
- SUSE Bug 953110
- SUSE CVE CVE-2015-0236 page
- SUSE CVE CVE-2015-5313 page
Description
libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
Affected products
References
- CVE-2015-0236
- SUSE Bug 914693
Description
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Affected products
References
- CVE-2015-5313
- SUSE Bug 953110