SUSE-SU-2019:1285-1

Опубликовано: 17 мая 2019

Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

Security issue fixed:

CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

libvirt-libs-4.0.0-9.19.4

SUSE Linux Enterprise Module for Server Applications 15

libvirt-4.0.0-9.19.4

libvirt-admin-4.0.0-9.19.4

libvirt-client-4.0.0-9.19.4

libvirt-daemon-4.0.0-9.19.4

libvirt-daemon-config-network-4.0.0-9.19.4

libvirt-daemon-config-nwfilter-4.0.0-9.19.4

libvirt-daemon-driver-interface-4.0.0-9.19.4

libvirt-daemon-driver-libxl-4.0.0-9.19.4

libvirt-daemon-driver-lxc-4.0.0-9.19.4

libvirt-daemon-driver-network-4.0.0-9.19.4

libvirt-daemon-driver-nodedev-4.0.0-9.19.4

libvirt-daemon-driver-nwfilter-4.0.0-9.19.4

libvirt-daemon-driver-qemu-4.0.0-9.19.4

libvirt-daemon-driver-secret-4.0.0-9.19.4

libvirt-daemon-driver-storage-4.0.0-9.19.4

libvirt-daemon-driver-storage-core-4.0.0-9.19.4

libvirt-daemon-driver-storage-disk-4.0.0-9.19.4

libvirt-daemon-driver-storage-iscsi-4.0.0-9.19.4

libvirt-daemon-driver-storage-logical-4.0.0-9.19.4

libvirt-daemon-driver-storage-mpath-4.0.0-9.19.4

libvirt-daemon-driver-storage-rbd-4.0.0-9.19.4

libvirt-daemon-driver-storage-scsi-4.0.0-9.19.4

libvirt-daemon-hooks-4.0.0-9.19.4

libvirt-daemon-lxc-4.0.0-9.19.4

libvirt-daemon-qemu-4.0.0-9.19.4

libvirt-daemon-xen-4.0.0-9.19.4

libvirt-devel-4.0.0-9.19.4

libvirt-doc-4.0.0-9.19.4

libvirt-lock-sanlock-4.0.0-9.19.4

libvirt-nss-4.0.0-9.19.4

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191285-1/
Link for SUSE-SU-2019:1285-1
https://lists.suse.com/pipermail/sle-security-updates/2019-May/005477.html
E-Mail link for SUSE-SU-2019:1285-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1131595
SUSE Bug 1131595
https://www.suse.com/security/cve/CVE-2019-3886/
SUSE CVE CVE-2019-3886 page

Описание

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:libvirt-libs-4.0.0-9.19.4

SUSE Linux Enterprise Module for Server Applications 15:libvirt-4.0.0-9.19.4

SUSE Linux Enterprise Module for Server Applications 15:libvirt-admin-4.0.0-9.19.4

SUSE Linux Enterprise Module for Server Applications 15:libvirt-client-4.0.0-9.19.4

Ссылки

https://www.suse.com/security/cve/CVE-2019-3886.html
CVE-2019-3886
https://bugzilla.suse.com/1131595
SUSE Bug 1131595
https://bugzilla.suse.com/1133150
SUSE Bug 1133150
https://bugzilla.suse.com/1138301
SUSE Bug 1138301

SUSE-SU-2019:1285-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

SUSE Linux Enterprise Module for Server Applications 15

Ссылки

Уязвимость: CVE-2019-3886

Описание

Затронутые продукты

Ссылки