Описание
Security update for libvirt
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683).
- CVE-2020-12430: Fixed a memory leak in qemuDomainGetStatsIOThread (bsc#1170765).
Non-security issues fixed:
- Support setting credit2 scheduler parameters for xen (bsc#1162160).
- Enable use of newer libxl APIs for retrieving memory statistics (bsc#1157490, bsc#1167007).
- Create multipath targets for qemu PR (bsc#1161883).
Список пакетов
Image SLES12-SP5-Azure-SAP-BYOS
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-On-Demand
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-EC2-SAP-BYOS
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-EC2-SAP-On-Demand
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-GCE-SAP-BYOS
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-GCE-SAP-On-Demand
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libvirt-client-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
SUSE Linux Enterprise Server 12 SP5
libvirt-5.1.0-13.6.2
libvirt-admin-5.1.0-13.6.2
libvirt-client-5.1.0-13.6.2
libvirt-daemon-5.1.0-13.6.2
libvirt-daemon-config-network-5.1.0-13.6.2
libvirt-daemon-config-nwfilter-5.1.0-13.6.2
libvirt-daemon-driver-interface-5.1.0-13.6.2
libvirt-daemon-driver-libxl-5.1.0-13.6.2
libvirt-daemon-driver-lxc-5.1.0-13.6.2
libvirt-daemon-driver-network-5.1.0-13.6.2
libvirt-daemon-driver-nodedev-5.1.0-13.6.2
libvirt-daemon-driver-nwfilter-5.1.0-13.6.2
libvirt-daemon-driver-qemu-5.1.0-13.6.2
libvirt-daemon-driver-secret-5.1.0-13.6.2
libvirt-daemon-driver-storage-5.1.0-13.6.2
libvirt-daemon-driver-storage-core-5.1.0-13.6.2
libvirt-daemon-driver-storage-disk-5.1.0-13.6.2
libvirt-daemon-driver-storage-iscsi-5.1.0-13.6.2
libvirt-daemon-driver-storage-logical-5.1.0-13.6.2
libvirt-daemon-driver-storage-mpath-5.1.0-13.6.2
libvirt-daemon-driver-storage-rbd-5.1.0-13.6.2
libvirt-daemon-driver-storage-scsi-5.1.0-13.6.2
libvirt-daemon-hooks-5.1.0-13.6.2
libvirt-daemon-lxc-5.1.0-13.6.2
libvirt-daemon-qemu-5.1.0-13.6.2
libvirt-daemon-xen-5.1.0-13.6.2
libvirt-doc-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
libvirt-lock-sanlock-5.1.0-13.6.2
libvirt-nss-5.1.0-13.6.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libvirt-5.1.0-13.6.2
libvirt-admin-5.1.0-13.6.2
libvirt-client-5.1.0-13.6.2
libvirt-daemon-5.1.0-13.6.2
libvirt-daemon-config-network-5.1.0-13.6.2
libvirt-daemon-config-nwfilter-5.1.0-13.6.2
libvirt-daemon-driver-interface-5.1.0-13.6.2
libvirt-daemon-driver-libxl-5.1.0-13.6.2
libvirt-daemon-driver-lxc-5.1.0-13.6.2
libvirt-daemon-driver-network-5.1.0-13.6.2
libvirt-daemon-driver-nodedev-5.1.0-13.6.2
libvirt-daemon-driver-nwfilter-5.1.0-13.6.2
libvirt-daemon-driver-qemu-5.1.0-13.6.2
libvirt-daemon-driver-secret-5.1.0-13.6.2
libvirt-daemon-driver-storage-5.1.0-13.6.2
libvirt-daemon-driver-storage-core-5.1.0-13.6.2
libvirt-daemon-driver-storage-disk-5.1.0-13.6.2
libvirt-daemon-driver-storage-iscsi-5.1.0-13.6.2
libvirt-daemon-driver-storage-logical-5.1.0-13.6.2
libvirt-daemon-driver-storage-mpath-5.1.0-13.6.2
libvirt-daemon-driver-storage-rbd-5.1.0-13.6.2
libvirt-daemon-driver-storage-scsi-5.1.0-13.6.2
libvirt-daemon-hooks-5.1.0-13.6.2
libvirt-daemon-lxc-5.1.0-13.6.2
libvirt-daemon-qemu-5.1.0-13.6.2
libvirt-daemon-xen-5.1.0-13.6.2
libvirt-doc-5.1.0-13.6.2
libvirt-libs-5.1.0-13.6.2
libvirt-lock-sanlock-5.1.0-13.6.2
libvirt-nss-5.1.0-13.6.2
SUSE Linux Enterprise Software Development Kit 12 SP5
libvirt-devel-5.1.0-13.6.2
Ссылки
- Link for SUSE-SU-2020:1277-1
- E-Mail link for SUSE-SU-2020:1277-1
- SUSE Security Ratings
- SUSE Bug 1157490
- SUSE Bug 1161883
- SUSE Bug 1162160
- SUSE Bug 1167007
- SUSE Bug 1168683
- SUSE Bug 1170765
- SUSE CVE CVE-2020-10703 page
- SUSE CVE CVE-2020-12430 page
Описание
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
Затронутые продукты
Image SLES12-SP5-Azure-SAP-BYOS:libvirt-client-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-BYOS:libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-On-Demand:libvirt-client-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-On-Demand:libvirt-libs-5.1.0-13.6.2
Ссылки
- CVE-2020-10703
- SUSE Bug 1168683
Описание
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
Затронутые продукты
Image SLES12-SP5-Azure-SAP-BYOS:libvirt-client-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-BYOS:libvirt-libs-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-On-Demand:libvirt-client-5.1.0-13.6.2
Image SLES12-SP5-Azure-SAP-On-Demand:libvirt-libs-5.1.0-13.6.2
Ссылки
- CVE-2020-12430
- SUSE Bug 1170765