Описание
Security update for libvirt and libvirt-python
This update for libvirt and libvirt-python fixes the following issues:
libvirt:
- CVE-2016-10746: Fixed an authentication bypass where a guest agent with a read only connection could call virDomainGetTime API calls (bsc#1133150).
- rpc: increase the size of REMOTE_MIGRATE_COOKIE_MAX (bsc#1134783).
libvirt-python:
- Fixes a memory leak in libvirt-python (bsc#1140252)
Список пакетов
SUSE Linux Enterprise Server 11 SP4-LTSS
libvirt-1.2.5-23.24.1
libvirt-client-1.2.5-23.24.1
libvirt-client-32bit-1.2.5-23.24.1
libvirt-doc-1.2.5-23.24.1
libvirt-lock-sanlock-1.2.5-23.24.1
libvirt-python-1.2.5-3.3.2
Ссылки
- Link for SUSE-SU-2019:14146-1
- E-Mail link for SUSE-SU-2019:14146-1
- SUSE Security Ratings
- SUSE Bug 1133150
- SUSE Bug 1134783
- SUSE Bug 1140252
- SUSE CVE CVE-2016-10746 page
Описание
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4-LTSS:libvirt-1.2.5-23.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libvirt-client-1.2.5-23.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libvirt-client-32bit-1.2.5-23.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libvirt-doc-1.2.5-23.24.1
Ссылки
- CVE-2016-10746
- SUSE Bug 1133150