Описание
Security update for libvirt
This update for libvirt fixes the following issues:
- CVE-2015-5313: directory directory traversal privilege escalation vulnerability. (boo#953110)
Список пакетов
openSUSE Leap 42.1
libvirt-1.2.18.2-5.1
libvirt-client-1.2.18.2-5.1
libvirt-client-32bit-1.2.18.2-5.1
libvirt-daemon-1.2.18.2-5.1
libvirt-daemon-config-network-1.2.18.2-5.1
libvirt-daemon-config-nwfilter-1.2.18.2-5.1
libvirt-daemon-driver-interface-1.2.18.2-5.1
libvirt-daemon-driver-libxl-1.2.18.2-5.1
libvirt-daemon-driver-lxc-1.2.18.2-5.1
libvirt-daemon-driver-network-1.2.18.2-5.1
libvirt-daemon-driver-nodedev-1.2.18.2-5.1
libvirt-daemon-driver-nwfilter-1.2.18.2-5.1
libvirt-daemon-driver-qemu-1.2.18.2-5.1
libvirt-daemon-driver-secret-1.2.18.2-5.1
libvirt-daemon-driver-storage-1.2.18.2-5.1
libvirt-daemon-driver-uml-1.2.18.2-5.1
libvirt-daemon-driver-vbox-1.2.18.2-5.1
libvirt-daemon-lxc-1.2.18.2-5.1
libvirt-daemon-qemu-1.2.18.2-5.1
libvirt-daemon-uml-1.2.18.2-5.1
libvirt-daemon-vbox-1.2.18.2-5.1
libvirt-daemon-xen-1.2.18.2-5.1
libvirt-devel-1.2.18.2-5.1
libvirt-devel-32bit-1.2.18.2-5.1
libvirt-doc-1.2.18.2-5.1
libvirt-lock-sanlock-1.2.18.2-5.1
libvirt-login-shell-1.2.18.2-5.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0209-1
- SUSE Security Ratings
Описание
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Затронутые продукты
openSUSE Leap 42.1:libvirt-1.2.18.2-5.1
openSUSE Leap 42.1:libvirt-client-1.2.18.2-5.1
openSUSE Leap 42.1:libvirt-client-32bit-1.2.18.2-5.1
openSUSE Leap 42.1:libvirt-daemon-1.2.18.2-5.1
Ссылки
- CVE-2015-5313
- SUSE Bug 953110