openSUSE-SU-2019:1672-1

Опубликовано: 30 июн. 2019

Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

Security issues fixed:

CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).
CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).
CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).

Other issue addressed:

spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

libvirt-4.0.0-lp150.7.18.2

libvirt-admin-4.0.0-lp150.7.18.2

libvirt-client-4.0.0-lp150.7.18.2

libvirt-daemon-4.0.0-lp150.7.18.2

libvirt-daemon-config-network-4.0.0-lp150.7.18.2

libvirt-daemon-config-nwfilter-4.0.0-lp150.7.18.2

libvirt-daemon-driver-interface-4.0.0-lp150.7.18.2

libvirt-daemon-driver-libxl-4.0.0-lp150.7.18.2

libvirt-daemon-driver-lxc-4.0.0-lp150.7.18.2

libvirt-daemon-driver-network-4.0.0-lp150.7.18.2

libvirt-daemon-driver-nodedev-4.0.0-lp150.7.18.2

libvirt-daemon-driver-nwfilter-4.0.0-lp150.7.18.2

libvirt-daemon-driver-qemu-4.0.0-lp150.7.18.2

libvirt-daemon-driver-secret-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-core-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-disk-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-iscsi-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-logical-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-mpath-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-rbd-4.0.0-lp150.7.18.2

libvirt-daemon-driver-storage-scsi-4.0.0-lp150.7.18.2

libvirt-daemon-driver-uml-4.0.0-lp150.7.18.2

libvirt-daemon-driver-vbox-4.0.0-lp150.7.18.2

libvirt-daemon-hooks-4.0.0-lp150.7.18.2

libvirt-daemon-lxc-4.0.0-lp150.7.18.2

libvirt-daemon-qemu-4.0.0-lp150.7.18.2

libvirt-daemon-uml-4.0.0-lp150.7.18.2

libvirt-daemon-vbox-4.0.0-lp150.7.18.2

libvirt-daemon-xen-4.0.0-lp150.7.18.2

libvirt-devel-4.0.0-lp150.7.18.2

libvirt-devel-32bit-4.0.0-lp150.7.18.2

libvirt-doc-4.0.0-lp150.7.18.2

libvirt-libs-4.0.0-lp150.7.18.2

libvirt-lock-sanlock-4.0.0-lp150.7.18.2

libvirt-nss-4.0.0-lp150.7.18.2

wireshark-plugin-libvirt-4.0.0-lp150.7.18.2

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EX33W6SJQ2N6Y4VRWHLRPU5IT2Q2GTSQ/#EX33W6SJQ2N6Y4VRWHLRPU5IT2Q2GTSQ
E-Mail link for openSUSE-SU-2019:1672-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1136109
SUSE Bug 1136109
https://bugzilla.suse.com/1138301
SUSE Bug 1138301
https://bugzilla.suse.com/1138302
SUSE Bug 1138302
https://bugzilla.suse.com/1138303
SUSE Bug 1138303
https://www.suse.com/security/cve/CVE-2019-10161/
SUSE CVE CVE-2019-10161 page
https://www.suse.com/security/cve/CVE-2019-10166/
SUSE CVE CVE-2019-10166 page
https://www.suse.com/security/cve/CVE-2019-10167/
SUSE CVE CVE-2019-10167 page

Описание

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Затронутые продукты

openSUSE Leap 15.0:libvirt-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-admin-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-client-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-daemon-4.0.0-lp150.7.18.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-10161.html
CVE-2019-10161
https://bugzilla.suse.com/1138301
SUSE Bug 1138301

Описание

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Затронутые продукты

openSUSE Leap 15.0:libvirt-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-admin-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-client-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-daemon-4.0.0-lp150.7.18.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-10166.html
CVE-2019-10166
https://bugzilla.suse.com/1138302
SUSE Bug 1138302

Описание

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Затронутые продукты

openSUSE Leap 15.0:libvirt-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-admin-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-client-4.0.0-lp150.7.18.2

openSUSE Leap 15.0:libvirt-daemon-4.0.0-lp150.7.18.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-10167.html
CVE-2019-10167
https://bugzilla.suse.com/1138303
SUSE Bug 1138303

openSUSE-SU-2019:1672-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-10161

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-10166

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-10167

Описание

Затронутые продукты

Ссылки