Описание
Security update for libvirt
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).
Other issues fixed:
- libxl: save current memory value after successful balloon (bsc#1120813).
- spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662).
Список пакетов
SUSE Enterprise Storage 4
libvirt-2.0.0-27.48.1
libvirt-client-2.0.0-27.48.1
libvirt-daemon-2.0.0-27.48.1
libvirt-daemon-config-network-2.0.0-27.48.1
libvirt-daemon-config-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-interface-2.0.0-27.48.1
libvirt-daemon-driver-libxl-2.0.0-27.48.1
libvirt-daemon-driver-lxc-2.0.0-27.48.1
libvirt-daemon-driver-network-2.0.0-27.48.1
libvirt-daemon-driver-nodedev-2.0.0-27.48.1
libvirt-daemon-driver-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-qemu-2.0.0-27.48.1
libvirt-daemon-driver-secret-2.0.0-27.48.1
libvirt-daemon-driver-storage-2.0.0-27.48.1
libvirt-daemon-hooks-2.0.0-27.48.1
libvirt-daemon-lxc-2.0.0-27.48.1
libvirt-daemon-qemu-2.0.0-27.48.1
libvirt-daemon-xen-2.0.0-27.48.1
libvirt-doc-2.0.0-27.48.1
libvirt-lock-sanlock-2.0.0-27.48.1
libvirt-nss-2.0.0-27.48.1
SUSE Linux Enterprise Server 12 SP2-BCL
libvirt-2.0.0-27.48.1
libvirt-client-2.0.0-27.48.1
libvirt-daemon-2.0.0-27.48.1
libvirt-daemon-config-network-2.0.0-27.48.1
libvirt-daemon-config-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-interface-2.0.0-27.48.1
libvirt-daemon-driver-libxl-2.0.0-27.48.1
libvirt-daemon-driver-lxc-2.0.0-27.48.1
libvirt-daemon-driver-network-2.0.0-27.48.1
libvirt-daemon-driver-nodedev-2.0.0-27.48.1
libvirt-daemon-driver-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-qemu-2.0.0-27.48.1
libvirt-daemon-driver-secret-2.0.0-27.48.1
libvirt-daemon-driver-storage-2.0.0-27.48.1
libvirt-daemon-hooks-2.0.0-27.48.1
libvirt-daemon-lxc-2.0.0-27.48.1
libvirt-daemon-qemu-2.0.0-27.48.1
libvirt-daemon-xen-2.0.0-27.48.1
libvirt-doc-2.0.0-27.48.1
libvirt-lock-sanlock-2.0.0-27.48.1
libvirt-nss-2.0.0-27.48.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libvirt-2.0.0-27.48.1
libvirt-client-2.0.0-27.48.1
libvirt-daemon-2.0.0-27.48.1
libvirt-daemon-config-network-2.0.0-27.48.1
libvirt-daemon-config-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-interface-2.0.0-27.48.1
libvirt-daemon-driver-libxl-2.0.0-27.48.1
libvirt-daemon-driver-lxc-2.0.0-27.48.1
libvirt-daemon-driver-network-2.0.0-27.48.1
libvirt-daemon-driver-nodedev-2.0.0-27.48.1
libvirt-daemon-driver-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-qemu-2.0.0-27.48.1
libvirt-daemon-driver-secret-2.0.0-27.48.1
libvirt-daemon-driver-storage-2.0.0-27.48.1
libvirt-daemon-hooks-2.0.0-27.48.1
libvirt-daemon-lxc-2.0.0-27.48.1
libvirt-daemon-qemu-2.0.0-27.48.1
libvirt-daemon-xen-2.0.0-27.48.1
libvirt-doc-2.0.0-27.48.1
libvirt-lock-sanlock-2.0.0-27.48.1
libvirt-nss-2.0.0-27.48.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libvirt-2.0.0-27.48.1
libvirt-client-2.0.0-27.48.1
libvirt-daemon-2.0.0-27.48.1
libvirt-daemon-config-network-2.0.0-27.48.1
libvirt-daemon-config-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-interface-2.0.0-27.48.1
libvirt-daemon-driver-libxl-2.0.0-27.48.1
libvirt-daemon-driver-lxc-2.0.0-27.48.1
libvirt-daemon-driver-network-2.0.0-27.48.1
libvirt-daemon-driver-nodedev-2.0.0-27.48.1
libvirt-daemon-driver-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-qemu-2.0.0-27.48.1
libvirt-daemon-driver-secret-2.0.0-27.48.1
libvirt-daemon-driver-storage-2.0.0-27.48.1
libvirt-daemon-hooks-2.0.0-27.48.1
libvirt-daemon-lxc-2.0.0-27.48.1
libvirt-daemon-qemu-2.0.0-27.48.1
libvirt-daemon-xen-2.0.0-27.48.1
libvirt-doc-2.0.0-27.48.1
libvirt-lock-sanlock-2.0.0-27.48.1
libvirt-nss-2.0.0-27.48.1
SUSE OpenStack Cloud 7
libvirt-2.0.0-27.48.1
libvirt-client-2.0.0-27.48.1
libvirt-daemon-2.0.0-27.48.1
libvirt-daemon-config-network-2.0.0-27.48.1
libvirt-daemon-config-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-interface-2.0.0-27.48.1
libvirt-daemon-driver-libxl-2.0.0-27.48.1
libvirt-daemon-driver-lxc-2.0.0-27.48.1
libvirt-daemon-driver-network-2.0.0-27.48.1
libvirt-daemon-driver-nodedev-2.0.0-27.48.1
libvirt-daemon-driver-nwfilter-2.0.0-27.48.1
libvirt-daemon-driver-qemu-2.0.0-27.48.1
libvirt-daemon-driver-secret-2.0.0-27.48.1
libvirt-daemon-driver-storage-2.0.0-27.48.1
libvirt-daemon-hooks-2.0.0-27.48.1
libvirt-daemon-lxc-2.0.0-27.48.1
libvirt-daemon-qemu-2.0.0-27.48.1
libvirt-daemon-xen-2.0.0-27.48.1
libvirt-doc-2.0.0-27.48.1
libvirt-lock-sanlock-2.0.0-27.48.1
libvirt-nss-2.0.0-27.48.1
Ссылки
- Link for SUSE-SU-2019:0553-1
- E-Mail link for SUSE-SU-2019:0553-1
- SUSE Security Ratings
- SUSE Bug 1104662
- SUSE Bug 1120813
- SUSE Bug 1127458
- SUSE CVE CVE-2019-3840 page
Описание
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Затронутые продукты
SUSE Enterprise Storage 4:libvirt-2.0.0-27.48.1
SUSE Enterprise Storage 4:libvirt-client-2.0.0-27.48.1
SUSE Enterprise Storage 4:libvirt-daemon-2.0.0-27.48.1
SUSE Enterprise Storage 4:libvirt-daemon-config-network-2.0.0-27.48.1
Ссылки
- CVE-2019-3840
- SUSE Bug 1127458