openSUSE-SU-2021:1451-1

Опубликовано: 05 нояб. 2021

Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

CVE-2021-3667: Fixed a DoS vulnerability in the libvirt virStoragePoolLookupByTargetPath API. (bsc#1188843)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

libvirt-6.0.0-lp152.9.15.1

libvirt-admin-6.0.0-lp152.9.15.1

libvirt-bash-completion-6.0.0-lp152.9.15.1

libvirt-client-6.0.0-lp152.9.15.1

libvirt-daemon-6.0.0-lp152.9.15.1

libvirt-daemon-config-network-6.0.0-lp152.9.15.1

libvirt-daemon-config-nwfilter-6.0.0-lp152.9.15.1

libvirt-daemon-driver-interface-6.0.0-lp152.9.15.1

libvirt-daemon-driver-libxl-6.0.0-lp152.9.15.1

libvirt-daemon-driver-lxc-6.0.0-lp152.9.15.1

libvirt-daemon-driver-network-6.0.0-lp152.9.15.1

libvirt-daemon-driver-nodedev-6.0.0-lp152.9.15.1

libvirt-daemon-driver-nwfilter-6.0.0-lp152.9.15.1

libvirt-daemon-driver-qemu-6.0.0-lp152.9.15.1

libvirt-daemon-driver-secret-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-core-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-disk-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-gluster-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-iscsi-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-logical-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-mpath-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-rbd-6.0.0-lp152.9.15.1

libvirt-daemon-driver-storage-scsi-6.0.0-lp152.9.15.1

libvirt-daemon-hooks-6.0.0-lp152.9.15.1

libvirt-daemon-lxc-6.0.0-lp152.9.15.1

libvirt-daemon-qemu-6.0.0-lp152.9.15.1

libvirt-daemon-xen-6.0.0-lp152.9.15.1

libvirt-devel-6.0.0-lp152.9.15.1

libvirt-devel-32bit-6.0.0-lp152.9.15.1

libvirt-doc-6.0.0-lp152.9.15.1

libvirt-libs-6.0.0-lp152.9.15.1

libvirt-lock-sanlock-6.0.0-lp152.9.15.1

libvirt-nss-6.0.0-lp152.9.15.1

wireshark-plugin-libvirt-6.0.0-lp152.9.15.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2CVWPLSZA7CNFAIOW3HV4ZWDNXKWJDSE/
E-Mail link for openSUSE-SU-2021:1451-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1177902
SUSE Bug 1177902
https://bugzilla.suse.com/1186398
SUSE Bug 1186398
https://bugzilla.suse.com/1188232
SUSE Bug 1188232
https://bugzilla.suse.com/1188843
SUSE Bug 1188843
https://bugzilla.suse.com/1190420
SUSE Bug 1190420
https://bugzilla.suse.com/1190693
SUSE Bug 1190693
https://bugzilla.suse.com/1190695
SUSE Bug 1190695
https://www.suse.com/security/cve/CVE-2021-3667/
SUSE CVE CVE-2021-3667 page

Описание

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Затронутые продукты

openSUSE Leap 15.2:libvirt-6.0.0-lp152.9.15.1

openSUSE Leap 15.2:libvirt-admin-6.0.0-lp152.9.15.1

openSUSE Leap 15.2:libvirt-bash-completion-6.0.0-lp152.9.15.1

openSUSE Leap 15.2:libvirt-client-6.0.0-lp152.9.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3667.html
CVE-2021-3667
https://bugzilla.suse.com/1188843
SUSE Bug 1188843

openSUSE-SU-2021:1451-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-3667

Описание

Затронутые продукты

Ссылки