
openSUSE-SU-2019:1294-1

Published: 29 Apr 2019
Source: suse-cvrf

Description

Security update for libvirt

This update for libvirt fixes the following issues:

Security issues fixed:

  • CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).
  • CVE-2019-3886: Fixed an information leak which allowed retrieving the guest hostname under readonly mode (bsc#1131595).

Other issues addressed:

  • cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955)
  • libxl: save current memory value after successful balloon (bsc#1120813).
  • libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).
  • conf: add new 'xenbus' controller type

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Package list

openSUSE Leap 42.3
libvirt-3.3.0-24.1
libvirt-admin-3.3.0-24.1
libvirt-client-3.3.0-24.1
libvirt-daemon-3.3.0-24.1
libvirt-daemon-config-network-3.3.0-24.1
libvirt-daemon-config-nwfilter-3.3.0-24.1
libvirt-daemon-driver-interface-3.3.0-24.1
libvirt-daemon-driver-libxl-3.3.0-24.1
libvirt-daemon-driver-lxc-3.3.0-24.1
libvirt-daemon-driver-network-3.3.0-24.1
libvirt-daemon-driver-nodedev-3.3.0-24.1
libvirt-daemon-driver-nwfilter-3.3.0-24.1
libvirt-daemon-driver-qemu-3.3.0-24.1
libvirt-daemon-driver-secret-3.3.0-24.1
libvirt-daemon-driver-storage-3.3.0-24.1
libvirt-daemon-driver-storage-core-3.3.0-24.1
libvirt-daemon-driver-storage-disk-3.3.0-24.1
libvirt-daemon-driver-storage-iscsi-3.3.0-24.1
libvirt-daemon-driver-storage-logical-3.3.0-24.1
libvirt-daemon-driver-storage-mpath-3.3.0-24.1
libvirt-daemon-driver-storage-rbd-3.3.0-24.1
libvirt-daemon-driver-storage-scsi-3.3.0-24.1
libvirt-daemon-driver-uml-3.3.0-24.1
libvirt-daemon-driver-vbox-3.3.0-24.1
libvirt-daemon-hooks-3.3.0-24.1
libvirt-daemon-lxc-3.3.0-24.1
libvirt-daemon-qemu-3.3.0-24.1
libvirt-daemon-uml-3.3.0-24.1
libvirt-daemon-vbox-3.3.0-24.1
libvirt-daemon-xen-3.3.0-24.1
libvirt-devel-3.3.0-24.1
libvirt-devel-32bit-3.3.0-24.1
libvirt-doc-3.3.0-24.1
libvirt-libs-3.3.0-24.1
libvirt-lock-sanlock-3.3.0-24.1
libvirt-nss-3.3.0-24.1

Description

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.


Affected products
openSUSE Leap 42.3:libvirt-3.3.0-24.1
openSUSE Leap 42.3:libvirt-admin-3.3.0-24.1
openSUSE Leap 42.3:libvirt-client-3.3.0-24.1
openSUSE Leap 42.3:libvirt-daemon-3.3.0-24.1


Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.


Affected products
openSUSE Leap 42.3:libvirt-3.3.0-24.1
openSUSE Leap 42.3:libvirt-admin-3.3.0-24.1
openSUSE Leap 42.3:libvirt-client-3.3.0-24.1
openSUSE Leap 42.3:libvirt-daemon-3.3.0-24.1
