SUSE-SU-2017:2850-1

Опубликовано: 25 окт. 2017

Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

Security issue fixed:

CVE-2017-1000256: Ensure TLS clients always verify the server certificate in the serial/TLS support. (bsc#1062563)

Non security issue fixed:

libvirt-daemon-qemu requires libvirt-daemon-driver-storage (bsc#1062620)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

libvirt-3.3.0-5.8.1

libvirt-admin-3.3.0-5.8.1

libvirt-client-3.3.0-5.8.1

libvirt-daemon-3.3.0-5.8.1

libvirt-daemon-config-network-3.3.0-5.8.1

libvirt-daemon-config-nwfilter-3.3.0-5.8.1

libvirt-daemon-driver-interface-3.3.0-5.8.1

libvirt-daemon-driver-libxl-3.3.0-5.8.1

libvirt-daemon-driver-lxc-3.3.0-5.8.1

libvirt-daemon-driver-network-3.3.0-5.8.1

libvirt-daemon-driver-nodedev-3.3.0-5.8.1

libvirt-daemon-driver-nwfilter-3.3.0-5.8.1

libvirt-daemon-driver-qemu-3.3.0-5.8.1

libvirt-daemon-driver-secret-3.3.0-5.8.1

libvirt-daemon-driver-storage-3.3.0-5.8.1

libvirt-daemon-driver-storage-core-3.3.0-5.8.1

libvirt-daemon-driver-storage-disk-3.3.0-5.8.1

libvirt-daemon-driver-storage-iscsi-3.3.0-5.8.1

libvirt-daemon-driver-storage-logical-3.3.0-5.8.1

libvirt-daemon-driver-storage-mpath-3.3.0-5.8.1

libvirt-daemon-driver-storage-rbd-3.3.0-5.8.1

libvirt-daemon-driver-storage-scsi-3.3.0-5.8.1

libvirt-daemon-lxc-3.3.0-5.8.1

libvirt-daemon-qemu-3.3.0-5.8.1

libvirt-daemon-xen-3.3.0-5.8.1

libvirt-doc-3.3.0-5.8.1

libvirt-libs-3.3.0-5.8.1

SUSE Linux Enterprise Server 12 SP3

libvirt-3.3.0-5.8.1

libvirt-admin-3.3.0-5.8.1

libvirt-client-3.3.0-5.8.1

libvirt-daemon-3.3.0-5.8.1

libvirt-daemon-config-network-3.3.0-5.8.1

libvirt-daemon-config-nwfilter-3.3.0-5.8.1

libvirt-daemon-driver-interface-3.3.0-5.8.1

libvirt-daemon-driver-libxl-3.3.0-5.8.1

libvirt-daemon-driver-lxc-3.3.0-5.8.1

libvirt-daemon-driver-network-3.3.0-5.8.1

libvirt-daemon-driver-nodedev-3.3.0-5.8.1

libvirt-daemon-driver-nwfilter-3.3.0-5.8.1

libvirt-daemon-driver-qemu-3.3.0-5.8.1

libvirt-daemon-driver-secret-3.3.0-5.8.1

libvirt-daemon-driver-storage-3.3.0-5.8.1

libvirt-daemon-driver-storage-core-3.3.0-5.8.1

libvirt-daemon-driver-storage-disk-3.3.0-5.8.1

libvirt-daemon-driver-storage-iscsi-3.3.0-5.8.1

libvirt-daemon-driver-storage-logical-3.3.0-5.8.1

libvirt-daemon-driver-storage-mpath-3.3.0-5.8.1

libvirt-daemon-driver-storage-rbd-3.3.0-5.8.1

libvirt-daemon-driver-storage-scsi-3.3.0-5.8.1

libvirt-daemon-lxc-3.3.0-5.8.1

libvirt-daemon-qemu-3.3.0-5.8.1

libvirt-daemon-xen-3.3.0-5.8.1

libvirt-doc-3.3.0-5.8.1

libvirt-libs-3.3.0-5.8.1

libvirt-lock-sanlock-3.3.0-5.8.1

libvirt-nss-3.3.0-5.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libvirt-3.3.0-5.8.1

libvirt-admin-3.3.0-5.8.1

libvirt-client-3.3.0-5.8.1

libvirt-daemon-3.3.0-5.8.1

libvirt-daemon-config-network-3.3.0-5.8.1

libvirt-daemon-config-nwfilter-3.3.0-5.8.1

libvirt-daemon-driver-interface-3.3.0-5.8.1

libvirt-daemon-driver-libxl-3.3.0-5.8.1

libvirt-daemon-driver-lxc-3.3.0-5.8.1

libvirt-daemon-driver-network-3.3.0-5.8.1

libvirt-daemon-driver-nodedev-3.3.0-5.8.1

libvirt-daemon-driver-nwfilter-3.3.0-5.8.1

libvirt-daemon-driver-qemu-3.3.0-5.8.1

libvirt-daemon-driver-secret-3.3.0-5.8.1

libvirt-daemon-driver-storage-3.3.0-5.8.1

libvirt-daemon-driver-storage-core-3.3.0-5.8.1

libvirt-daemon-driver-storage-disk-3.3.0-5.8.1

libvirt-daemon-driver-storage-iscsi-3.3.0-5.8.1

libvirt-daemon-driver-storage-logical-3.3.0-5.8.1

libvirt-daemon-driver-storage-mpath-3.3.0-5.8.1

libvirt-daemon-driver-storage-rbd-3.3.0-5.8.1

libvirt-daemon-driver-storage-scsi-3.3.0-5.8.1

libvirt-daemon-lxc-3.3.0-5.8.1

libvirt-daemon-qemu-3.3.0-5.8.1

libvirt-daemon-xen-3.3.0-5.8.1

libvirt-doc-3.3.0-5.8.1

libvirt-libs-3.3.0-5.8.1

libvirt-lock-sanlock-3.3.0-5.8.1

libvirt-nss-3.3.0-5.8.1

SUSE Linux Enterprise Software Development Kit 12 SP3

libvirt-devel-3.3.0-5.8.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20172850-1/
Link for SUSE-SU-2017:2850-1
https://lists.suse.com/pipermail/sle-security-updates/2017-October/003354.html
E-Mail link for SUSE-SU-2017:2850-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1062563
SUSE Bug 1062563
https://bugzilla.suse.com/1062620
SUSE Bug 1062620
https://www.suse.com/security/cve/CVE-2017-1000256/
SUSE CVE CVE-2017-1000256 page

Описание

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libvirt-3.3.0-5.8.1

SUSE Linux Enterprise Desktop 12 SP3:libvirt-admin-3.3.0-5.8.1

SUSE Linux Enterprise Desktop 12 SP3:libvirt-client-3.3.0-5.8.1

SUSE Linux Enterprise Desktop 12 SP3:libvirt-daemon-3.3.0-5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000256.html
CVE-2017-1000256
https://bugzilla.suse.com/1062563
SUSE Bug 1062563

SUSE-SU-2017:2850-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

Ссылки

Уязвимость: CVE-2017-1000256

Описание

Затронутые продукты

Ссылки