Описание
Security update for libvirt
This update for libvirt fixes the following issues:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)
Список пакетов
Image SLES15-SP7-SAP-BYOS-Azure
libvirt-client-11.0.0-150700.4.13.1
libvirt-libs-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-GCE
libvirt-client-11.0.0-150700.4.13.1
libvirt-libs-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-Hardened-BYOS-Azure
libvirt-client-11.0.0-150700.4.13.1
libvirt-libs-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-Hardened-BYOS-EC2
libvirt-client-11.0.0-150700.4.13.1
libvirt-libs-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-Hardened-BYOS-GCE
libvirt-client-11.0.0-150700.4.13.1
libvirt-libs-11.0.0-150700.4.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libvirt-libs-11.0.0-150700.4.13.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
libvirt-11.0.0-150700.4.13.1
libvirt-client-11.0.0-150700.4.13.1
libvirt-client-qemu-11.0.0-150700.4.13.1
libvirt-daemon-11.0.0-150700.4.13.1
libvirt-daemon-common-11.0.0-150700.4.13.1
libvirt-daemon-config-network-11.0.0-150700.4.13.1
libvirt-daemon-config-nwfilter-11.0.0-150700.4.13.1
libvirt-daemon-driver-interface-11.0.0-150700.4.13.1
libvirt-daemon-driver-libxl-11.0.0-150700.4.13.1
libvirt-daemon-driver-network-11.0.0-150700.4.13.1
libvirt-daemon-driver-nodedev-11.0.0-150700.4.13.1
libvirt-daemon-driver-nwfilter-11.0.0-150700.4.13.1
libvirt-daemon-driver-qemu-11.0.0-150700.4.13.1
libvirt-daemon-driver-secret-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-core-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-disk-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-logical-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.13.1
libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.13.1
libvirt-daemon-hooks-11.0.0-150700.4.13.1
libvirt-daemon-lock-11.0.0-150700.4.13.1
libvirt-daemon-log-11.0.0-150700.4.13.1
libvirt-daemon-plugin-lockd-11.0.0-150700.4.13.1
libvirt-daemon-plugin-sanlock-11.0.0-150700.4.13.1
libvirt-daemon-proxy-11.0.0-150700.4.13.1
libvirt-daemon-qemu-11.0.0-150700.4.13.1
libvirt-daemon-xen-11.0.0-150700.4.13.1
libvirt-devel-11.0.0-150700.4.13.1
libvirt-doc-11.0.0-150700.4.13.1
libvirt-nss-11.0.0-150700.4.13.1
Ссылки
- Link for SUSE-SU-2026:0279-1
- E-Mail link for SUSE-SU-2026:0279-1
- SUSE Security Ratings
- SUSE Bug 1253278
- SUSE Bug 1253703
- SUSE CVE CVE-2025-12748 page
- SUSE CVE CVE-2025-13193 page
Описание
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
Затронутые продукты
Image SLES15-SP7-SAP-BYOS-Azure:libvirt-client-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-Azure:libvirt-libs-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-GCE:libvirt-client-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-GCE:libvirt-libs-11.0.0-150700.4.13.1
Ссылки
- CVE-2025-12748
- SUSE Bug 1253277
Описание
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
Затронутые продукты
Image SLES15-SP7-SAP-BYOS-Azure:libvirt-client-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-Azure:libvirt-libs-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-GCE:libvirt-client-11.0.0-150700.4.13.1
Image SLES15-SP7-SAP-BYOS-GCE:libvirt-libs-11.0.0-150700.4.13.1
Ссылки
- CVE-2025-13193
- SUSE Bug 1253703