SUSE-SU-2020:1250-1

Опубликовано: 11 мая 2020

Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

Security issue fixed:

CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683).

Non-security issues fixed:

apparmor: avoid copying empty profile name (bsc#1149100).
logging: ensure virtlogd rollover takes priority over logrotate (bsc#1137137).
qemu: Add support for overriding max threads per process limit (bsc#1133719).
util: fix copying bitmap to larger data buffer (bsc#1138734).
virsh: support for setting precopy bandwidth in migrate (bsc#1145586).
virsh: use upstream name for migration precopy bandwidth parameter (bsc#1145586).

Список пакетов

Image SLES15-SAP-Azure

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-Azure-BYOS

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-EC2-HVM

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-EC2-HVM-BYOS

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-GCE

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-GCE-BYOS

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-OCI-BYOS

libvirt-client-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libvirt-4.0.0-9.32.1

libvirt-admin-4.0.0-9.32.1

libvirt-client-4.0.0-9.32.1

libvirt-daemon-4.0.0-9.32.1

libvirt-daemon-config-network-4.0.0-9.32.1

libvirt-daemon-config-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-interface-4.0.0-9.32.1

libvirt-daemon-driver-libxl-4.0.0-9.32.1

libvirt-daemon-driver-lxc-4.0.0-9.32.1

libvirt-daemon-driver-network-4.0.0-9.32.1

libvirt-daemon-driver-nodedev-4.0.0-9.32.1

libvirt-daemon-driver-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-qemu-4.0.0-9.32.1

libvirt-daemon-driver-secret-4.0.0-9.32.1

libvirt-daemon-driver-storage-4.0.0-9.32.1

libvirt-daemon-driver-storage-core-4.0.0-9.32.1

libvirt-daemon-driver-storage-disk-4.0.0-9.32.1

libvirt-daemon-driver-storage-iscsi-4.0.0-9.32.1

libvirt-daemon-driver-storage-logical-4.0.0-9.32.1

libvirt-daemon-driver-storage-mpath-4.0.0-9.32.1

libvirt-daemon-driver-storage-rbd-4.0.0-9.32.1

libvirt-daemon-driver-storage-scsi-4.0.0-9.32.1

libvirt-daemon-hooks-4.0.0-9.32.1

libvirt-daemon-lxc-4.0.0-9.32.1

libvirt-daemon-qemu-4.0.0-9.32.1

libvirt-daemon-xen-4.0.0-9.32.1

libvirt-devel-4.0.0-9.32.1

libvirt-doc-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

libvirt-lock-sanlock-4.0.0-9.32.1

libvirt-nss-4.0.0-9.32.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libvirt-4.0.0-9.32.1

libvirt-admin-4.0.0-9.32.1

libvirt-client-4.0.0-9.32.1

libvirt-daemon-4.0.0-9.32.1

libvirt-daemon-config-network-4.0.0-9.32.1

libvirt-daemon-config-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-interface-4.0.0-9.32.1

libvirt-daemon-driver-libxl-4.0.0-9.32.1

libvirt-daemon-driver-lxc-4.0.0-9.32.1

libvirt-daemon-driver-network-4.0.0-9.32.1

libvirt-daemon-driver-nodedev-4.0.0-9.32.1

libvirt-daemon-driver-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-qemu-4.0.0-9.32.1

libvirt-daemon-driver-secret-4.0.0-9.32.1

libvirt-daemon-driver-storage-4.0.0-9.32.1

libvirt-daemon-driver-storage-core-4.0.0-9.32.1

libvirt-daemon-driver-storage-disk-4.0.0-9.32.1

libvirt-daemon-driver-storage-iscsi-4.0.0-9.32.1

libvirt-daemon-driver-storage-logical-4.0.0-9.32.1

libvirt-daemon-driver-storage-mpath-4.0.0-9.32.1

libvirt-daemon-driver-storage-rbd-4.0.0-9.32.1

libvirt-daemon-driver-storage-scsi-4.0.0-9.32.1

libvirt-daemon-hooks-4.0.0-9.32.1

libvirt-daemon-lxc-4.0.0-9.32.1

libvirt-daemon-qemu-4.0.0-9.32.1

libvirt-daemon-xen-4.0.0-9.32.1

libvirt-devel-4.0.0-9.32.1

libvirt-doc-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

libvirt-lock-sanlock-4.0.0-9.32.1

libvirt-nss-4.0.0-9.32.1

SUSE Linux Enterprise Server 15-LTSS

libvirt-4.0.0-9.32.1

libvirt-admin-4.0.0-9.32.1

libvirt-client-4.0.0-9.32.1

libvirt-daemon-4.0.0-9.32.1

libvirt-daemon-config-network-4.0.0-9.32.1

libvirt-daemon-config-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-interface-4.0.0-9.32.1

libvirt-daemon-driver-libxl-4.0.0-9.32.1

libvirt-daemon-driver-lxc-4.0.0-9.32.1

libvirt-daemon-driver-network-4.0.0-9.32.1

libvirt-daemon-driver-nodedev-4.0.0-9.32.1

libvirt-daemon-driver-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-qemu-4.0.0-9.32.1

libvirt-daemon-driver-secret-4.0.0-9.32.1

libvirt-daemon-driver-storage-4.0.0-9.32.1

libvirt-daemon-driver-storage-core-4.0.0-9.32.1

libvirt-daemon-driver-storage-disk-4.0.0-9.32.1

libvirt-daemon-driver-storage-iscsi-4.0.0-9.32.1

libvirt-daemon-driver-storage-logical-4.0.0-9.32.1

libvirt-daemon-driver-storage-mpath-4.0.0-9.32.1

libvirt-daemon-driver-storage-rbd-4.0.0-9.32.1

libvirt-daemon-driver-storage-scsi-4.0.0-9.32.1

libvirt-daemon-hooks-4.0.0-9.32.1

libvirt-daemon-lxc-4.0.0-9.32.1

libvirt-daemon-qemu-4.0.0-9.32.1

libvirt-daemon-xen-4.0.0-9.32.1

libvirt-devel-4.0.0-9.32.1

libvirt-doc-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

libvirt-lock-sanlock-4.0.0-9.32.1

libvirt-nss-4.0.0-9.32.1

SUSE Linux Enterprise Server for SAP Applications 15

libvirt-4.0.0-9.32.1

libvirt-admin-4.0.0-9.32.1

libvirt-client-4.0.0-9.32.1

libvirt-daemon-4.0.0-9.32.1

libvirt-daemon-config-network-4.0.0-9.32.1

libvirt-daemon-config-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-interface-4.0.0-9.32.1

libvirt-daemon-driver-libxl-4.0.0-9.32.1

libvirt-daemon-driver-lxc-4.0.0-9.32.1

libvirt-daemon-driver-network-4.0.0-9.32.1

libvirt-daemon-driver-nodedev-4.0.0-9.32.1

libvirt-daemon-driver-nwfilter-4.0.0-9.32.1

libvirt-daemon-driver-qemu-4.0.0-9.32.1

libvirt-daemon-driver-secret-4.0.0-9.32.1

libvirt-daemon-driver-storage-4.0.0-9.32.1

libvirt-daemon-driver-storage-core-4.0.0-9.32.1

libvirt-daemon-driver-storage-disk-4.0.0-9.32.1

libvirt-daemon-driver-storage-iscsi-4.0.0-9.32.1

libvirt-daemon-driver-storage-logical-4.0.0-9.32.1

libvirt-daemon-driver-storage-mpath-4.0.0-9.32.1

libvirt-daemon-driver-storage-rbd-4.0.0-9.32.1

libvirt-daemon-driver-storage-scsi-4.0.0-9.32.1

libvirt-daemon-hooks-4.0.0-9.32.1

libvirt-daemon-lxc-4.0.0-9.32.1

libvirt-daemon-qemu-4.0.0-9.32.1

libvirt-daemon-xen-4.0.0-9.32.1

libvirt-devel-4.0.0-9.32.1

libvirt-doc-4.0.0-9.32.1

libvirt-libs-4.0.0-9.32.1

libvirt-lock-sanlock-4.0.0-9.32.1

libvirt-nss-4.0.0-9.32.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201250-1/
Link for SUSE-SU-2020:1250-1
https://lists.suse.com/pipermail/sle-security-updates/2020-May/006811.html
E-Mail link for SUSE-SU-2020:1250-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1133719
SUSE Bug 1133719
https://bugzilla.suse.com/1137137
SUSE Bug 1137137
https://bugzilla.suse.com/1138734
SUSE Bug 1138734
https://bugzilla.suse.com/1145586
SUSE Bug 1145586
https://bugzilla.suse.com/1149100
SUSE Bug 1149100
https://bugzilla.suse.com/1168683
SUSE Bug 1168683
https://www.suse.com/security/cve/CVE-2020-10703/
SUSE CVE CVE-2020-10703 page

Описание

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:libvirt-client-4.0.0-9.32.1

Image SLES15-SAP-Azure-BYOS:libvirt-libs-4.0.0-9.32.1

Image SLES15-SAP-Azure-LI-BYOS-Production:libvirt-client-4.0.0-9.32.1

Image SLES15-SAP-Azure-LI-BYOS-Production:libvirt-libs-4.0.0-9.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-10703.html
CVE-2020-10703
https://bugzilla.suse.com/1168683
SUSE Bug 1168683

SUSE-SU-2020:1250-1

Описание

Список пакетов

Image SLES15-SAP-Azure

Image SLES15-SAP-Azure-BYOS

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-EC2-HVM

Image SLES15-SAP-EC2-HVM-BYOS

Image SLES15-SAP-GCE

Image SLES15-SAP-GCE-BYOS

Image SLES15-SAP-OCI-BYOS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-10703

Описание

Затронутые продукты

Ссылки