Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0193-1

Опубликовано: 21 янв. 2026
Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

  • CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
  • CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libvirt-5.1.0-13.45.1
libvirt-admin-5.1.0-13.45.1
libvirt-client-5.1.0-13.45.1
libvirt-daemon-5.1.0-13.45.1
libvirt-daemon-config-network-5.1.0-13.45.1
libvirt-daemon-config-nwfilter-5.1.0-13.45.1
libvirt-daemon-driver-interface-5.1.0-13.45.1
libvirt-daemon-driver-libxl-5.1.0-13.45.1
libvirt-daemon-driver-lxc-5.1.0-13.45.1
libvirt-daemon-driver-network-5.1.0-13.45.1
libvirt-daemon-driver-nodedev-5.1.0-13.45.1
libvirt-daemon-driver-nwfilter-5.1.0-13.45.1
libvirt-daemon-driver-qemu-5.1.0-13.45.1
libvirt-daemon-driver-secret-5.1.0-13.45.1
libvirt-daemon-driver-storage-5.1.0-13.45.1
libvirt-daemon-driver-storage-core-5.1.0-13.45.1
libvirt-daemon-driver-storage-disk-5.1.0-13.45.1
libvirt-daemon-driver-storage-iscsi-5.1.0-13.45.1
libvirt-daemon-driver-storage-logical-5.1.0-13.45.1
libvirt-daemon-driver-storage-mpath-5.1.0-13.45.1
libvirt-daemon-driver-storage-rbd-5.1.0-13.45.1
libvirt-daemon-driver-storage-scsi-5.1.0-13.45.1
libvirt-daemon-hooks-5.1.0-13.45.1
libvirt-daemon-lxc-5.1.0-13.45.1
libvirt-daemon-qemu-5.1.0-13.45.1
libvirt-daemon-xen-5.1.0-13.45.1
libvirt-devel-5.1.0-13.45.1
libvirt-doc-5.1.0-13.45.1
libvirt-libs-5.1.0-13.45.1
libvirt-lock-sanlock-5.1.0-13.45.1
libvirt-nss-5.1.0-13.45.1

Ссылки

Описание

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-5.1.0-13.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-admin-5.1.0-13.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-client-5.1.0-13.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-daemon-5.1.0-13.45.1
Ссылки

Описание

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-5.1.0-13.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-admin-5.1.0-13.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-client-5.1.0-13.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvirt-daemon-5.1.0-13.45.1
Ссылки