Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0068-1

Опубликовано: 08 янв. 2026
Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

  • CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
  • CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML (bsc#1253278)

Список пакетов

openSUSE Leap 15.6
libvirt-10.0.0-150600.8.12.1
libvirt-client-10.0.0-150600.8.12.1
libvirt-client-qemu-10.0.0-150600.8.12.1
libvirt-daemon-10.0.0-150600.8.12.1
libvirt-daemon-common-10.0.0-150600.8.12.1
libvirt-daemon-config-network-10.0.0-150600.8.12.1
libvirt-daemon-config-nwfilter-10.0.0-150600.8.12.1
libvirt-daemon-driver-interface-10.0.0-150600.8.12.1
libvirt-daemon-driver-libxl-10.0.0-150600.8.12.1
libvirt-daemon-driver-lxc-10.0.0-150600.8.12.1
libvirt-daemon-driver-network-10.0.0-150600.8.12.1
libvirt-daemon-driver-nodedev-10.0.0-150600.8.12.1
libvirt-daemon-driver-nwfilter-10.0.0-150600.8.12.1
libvirt-daemon-driver-qemu-10.0.0-150600.8.12.1
libvirt-daemon-driver-secret-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-core-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-disk-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-gluster-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-iscsi-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-iscsi-direct-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-logical-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-mpath-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-rbd-10.0.0-150600.8.12.1
libvirt-daemon-driver-storage-scsi-10.0.0-150600.8.12.1
libvirt-daemon-hooks-10.0.0-150600.8.12.1
libvirt-daemon-lock-10.0.0-150600.8.12.1
libvirt-daemon-log-10.0.0-150600.8.12.1
libvirt-daemon-lxc-10.0.0-150600.8.12.1
libvirt-daemon-plugin-lockd-10.0.0-150600.8.12.1
libvirt-daemon-plugin-sanlock-10.0.0-150600.8.12.1
libvirt-daemon-proxy-10.0.0-150600.8.12.1
libvirt-daemon-qemu-10.0.0-150600.8.12.1
libvirt-daemon-xen-10.0.0-150600.8.12.1
libvirt-devel-10.0.0-150600.8.12.1
libvirt-devel-32bit-10.0.0-150600.8.12.1
libvirt-doc-10.0.0-150600.8.12.1
libvirt-libs-10.0.0-150600.8.12.1
libvirt-nss-10.0.0-150600.8.12.1
wireshark-plugin-libvirt-10.0.0-150600.8.12.1

Ссылки

Описание

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Затронутые продукты
openSUSE Leap 15.6:libvirt-10.0.0-150600.8.12.1
openSUSE Leap 15.6:libvirt-client-10.0.0-150600.8.12.1
openSUSE Leap 15.6:libvirt-client-qemu-10.0.0-150600.8.12.1
openSUSE Leap 15.6:libvirt-daemon-10.0.0-150600.8.12.1
Ссылки

Описание

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Затронутые продукты
openSUSE Leap 15.6:libvirt-10.0.0-150600.8.12.1
openSUSE Leap 15.6:libvirt-client-10.0.0-150600.8.12.1
openSUSE Leap 15.6:libvirt-client-qemu-10.0.0-150600.8.12.1
openSUSE Leap 15.6:libvirt-daemon-10.0.0-150600.8.12.1
Ссылки