Описание
Security update for libvirt
This update for libvirt fixes one security issue:
- CVE-2016-5008: Empty VNC password disables authentication. (bsc#987527)
Additionally, the update includes the following non-security fixes:
- Improve waiting for block job readines in virsh. (bsc#989755)
- Parse negative values in augeas lenses. (bsc#975729)
- Restart daemons in %posttrans after connection drivers have been processed. (bsc#854343, bsc#968483)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libvirt-1.2.18.4-11.7
libvirt-client-1.2.18.4-11.7
libvirt-client-32bit-1.2.18.4-11.7
libvirt-daemon-1.2.18.4-11.7
libvirt-daemon-config-network-1.2.18.4-11.7
libvirt-daemon-config-nwfilter-1.2.18.4-11.7
libvirt-daemon-driver-interface-1.2.18.4-11.7
libvirt-daemon-driver-libxl-1.2.18.4-11.7
libvirt-daemon-driver-lxc-1.2.18.4-11.7
libvirt-daemon-driver-network-1.2.18.4-11.7
libvirt-daemon-driver-nodedev-1.2.18.4-11.7
libvirt-daemon-driver-nwfilter-1.2.18.4-11.7
libvirt-daemon-driver-qemu-1.2.18.4-11.7
libvirt-daemon-driver-secret-1.2.18.4-11.7
libvirt-daemon-driver-storage-1.2.18.4-11.7
libvirt-daemon-lxc-1.2.18.4-11.7
libvirt-daemon-qemu-1.2.18.4-11.7
libvirt-daemon-xen-1.2.18.4-11.7
libvirt-doc-1.2.18.4-11.7
SUSE Linux Enterprise Server 12 SP1
libvirt-1.2.18.4-11.7
libvirt-client-1.2.18.4-11.7
libvirt-daemon-1.2.18.4-11.7
libvirt-daemon-config-network-1.2.18.4-11.7
libvirt-daemon-config-nwfilter-1.2.18.4-11.7
libvirt-daemon-driver-interface-1.2.18.4-11.7
libvirt-daemon-driver-libxl-1.2.18.4-11.7
libvirt-daemon-driver-lxc-1.2.18.4-11.7
libvirt-daemon-driver-network-1.2.18.4-11.7
libvirt-daemon-driver-nodedev-1.2.18.4-11.7
libvirt-daemon-driver-nwfilter-1.2.18.4-11.7
libvirt-daemon-driver-qemu-1.2.18.4-11.7
libvirt-daemon-driver-secret-1.2.18.4-11.7
libvirt-daemon-driver-storage-1.2.18.4-11.7
libvirt-daemon-lxc-1.2.18.4-11.7
libvirt-daemon-qemu-1.2.18.4-11.7
libvirt-daemon-xen-1.2.18.4-11.7
libvirt-doc-1.2.18.4-11.7
libvirt-lock-sanlock-1.2.18.4-11.7
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libvirt-1.2.18.4-11.7
libvirt-client-1.2.18.4-11.7
libvirt-daemon-1.2.18.4-11.7
libvirt-daemon-config-network-1.2.18.4-11.7
libvirt-daemon-config-nwfilter-1.2.18.4-11.7
libvirt-daemon-driver-interface-1.2.18.4-11.7
libvirt-daemon-driver-libxl-1.2.18.4-11.7
libvirt-daemon-driver-lxc-1.2.18.4-11.7
libvirt-daemon-driver-network-1.2.18.4-11.7
libvirt-daemon-driver-nodedev-1.2.18.4-11.7
libvirt-daemon-driver-nwfilter-1.2.18.4-11.7
libvirt-daemon-driver-qemu-1.2.18.4-11.7
libvirt-daemon-driver-secret-1.2.18.4-11.7
libvirt-daemon-driver-storage-1.2.18.4-11.7
libvirt-daemon-lxc-1.2.18.4-11.7
libvirt-daemon-qemu-1.2.18.4-11.7
libvirt-daemon-xen-1.2.18.4-11.7
libvirt-doc-1.2.18.4-11.7
libvirt-lock-sanlock-1.2.18.4-11.7
SUSE Linux Enterprise Software Development Kit 12 SP1
libvirt-devel-1.2.18.4-11.7
SUSE Linux Enterprise Workstation Extension 12 SP1
libvirt-client-32bit-1.2.18.4-11.7
Ссылки
- Link for SUSE-SU-2016:2053-1
- E-Mail link for SUSE-SU-2016:2053-1
- SUSE Security Ratings
- SUSE Bug 854343
- SUSE Bug 968483
- SUSE Bug 975729
- SUSE Bug 987527
- SUSE Bug 989755
- SUSE CVE CVE-2016-5008 page
Описание
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libvirt-1.2.18.4-11.7
SUSE Linux Enterprise Desktop 12 SP1:libvirt-client-1.2.18.4-11.7
SUSE Linux Enterprise Desktop 12 SP1:libvirt-client-32bit-1.2.18.4-11.7
SUSE Linux Enterprise Desktop 12 SP1:libvirt-daemon-1.2.18.4-11.7
Ссылки
- CVE-2016-5008
- SUSE Bug 987527