Описание
Security update for libvirt
This update for libvirt fixes the following issues:
- CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc#1161883, bsc#1174458
- qemu: Setup emulator thread and cpuset.mems before exec - bsc#1171946
- libxl: Normalize MAC address in device conf on netdev hotplug - bsc#1172052
Список пакетов
Image SLES12-SP5-Azure-SAP-BYOS
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-Azure-SAP-On-Demand
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-EC2-SAP-BYOS
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-EC2-SAP-On-Demand
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-GCE-SAP-BYOS
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-GCE-SAP-On-Demand
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libvirt-client-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
SUSE Linux Enterprise Server 12 SP5
libvirt-5.1.0-13.9.1
libvirt-admin-5.1.0-13.9.1
libvirt-client-5.1.0-13.9.1
libvirt-daemon-5.1.0-13.9.1
libvirt-daemon-config-network-5.1.0-13.9.1
libvirt-daemon-config-nwfilter-5.1.0-13.9.1
libvirt-daemon-driver-interface-5.1.0-13.9.1
libvirt-daemon-driver-libxl-5.1.0-13.9.1
libvirt-daemon-driver-lxc-5.1.0-13.9.1
libvirt-daemon-driver-network-5.1.0-13.9.1
libvirt-daemon-driver-nodedev-5.1.0-13.9.1
libvirt-daemon-driver-nwfilter-5.1.0-13.9.1
libvirt-daemon-driver-qemu-5.1.0-13.9.1
libvirt-daemon-driver-secret-5.1.0-13.9.1
libvirt-daemon-driver-storage-5.1.0-13.9.1
libvirt-daemon-driver-storage-core-5.1.0-13.9.1
libvirt-daemon-driver-storage-disk-5.1.0-13.9.1
libvirt-daemon-driver-storage-iscsi-5.1.0-13.9.1
libvirt-daemon-driver-storage-logical-5.1.0-13.9.1
libvirt-daemon-driver-storage-mpath-5.1.0-13.9.1
libvirt-daemon-driver-storage-rbd-5.1.0-13.9.1
libvirt-daemon-driver-storage-scsi-5.1.0-13.9.1
libvirt-daemon-hooks-5.1.0-13.9.1
libvirt-daemon-lxc-5.1.0-13.9.1
libvirt-daemon-qemu-5.1.0-13.9.1
libvirt-daemon-xen-5.1.0-13.9.1
libvirt-doc-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
libvirt-lock-sanlock-5.1.0-13.9.1
libvirt-nss-5.1.0-13.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libvirt-5.1.0-13.9.1
libvirt-admin-5.1.0-13.9.1
libvirt-client-5.1.0-13.9.1
libvirt-daemon-5.1.0-13.9.1
libvirt-daemon-config-network-5.1.0-13.9.1
libvirt-daemon-config-nwfilter-5.1.0-13.9.1
libvirt-daemon-driver-interface-5.1.0-13.9.1
libvirt-daemon-driver-libxl-5.1.0-13.9.1
libvirt-daemon-driver-lxc-5.1.0-13.9.1
libvirt-daemon-driver-network-5.1.0-13.9.1
libvirt-daemon-driver-nodedev-5.1.0-13.9.1
libvirt-daemon-driver-nwfilter-5.1.0-13.9.1
libvirt-daemon-driver-qemu-5.1.0-13.9.1
libvirt-daemon-driver-secret-5.1.0-13.9.1
libvirt-daemon-driver-storage-5.1.0-13.9.1
libvirt-daemon-driver-storage-core-5.1.0-13.9.1
libvirt-daemon-driver-storage-disk-5.1.0-13.9.1
libvirt-daemon-driver-storage-iscsi-5.1.0-13.9.1
libvirt-daemon-driver-storage-logical-5.1.0-13.9.1
libvirt-daemon-driver-storage-mpath-5.1.0-13.9.1
libvirt-daemon-driver-storage-rbd-5.1.0-13.9.1
libvirt-daemon-driver-storage-scsi-5.1.0-13.9.1
libvirt-daemon-hooks-5.1.0-13.9.1
libvirt-daemon-lxc-5.1.0-13.9.1
libvirt-daemon-qemu-5.1.0-13.9.1
libvirt-daemon-xen-5.1.0-13.9.1
libvirt-doc-5.1.0-13.9.1
libvirt-libs-5.1.0-13.9.1
libvirt-lock-sanlock-5.1.0-13.9.1
libvirt-nss-5.1.0-13.9.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libvirt-devel-5.1.0-13.9.1
Ссылки
- Link for SUSE-SU-2020:2233-1
- E-Mail link for SUSE-SU-2020:2233-1
- SUSE Security Ratings
- SUSE Bug 1161883
- SUSE Bug 1171946
- SUSE Bug 1172052
- SUSE Bug 1174458
- SUSE CVE CVE-2020-14339 page
Описание
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
Image SLES12-SP5-Azure-SAP-BYOS:libvirt-client-5.1.0-13.9.1
Image SLES12-SP5-Azure-SAP-BYOS:libvirt-libs-5.1.0-13.9.1
Image SLES12-SP5-Azure-SAP-On-Demand:libvirt-client-5.1.0-13.9.1
Image SLES12-SP5-Azure-SAP-On-Demand:libvirt-libs-5.1.0-13.9.1
Ссылки
- CVE-2020-14339
- SUSE Bug 1174458