openSUSE-SU-2025:20100-1

Published: 27 Nov 2025
Source: suse-cvrf

Description

Security update for libvirt

This update for libvirt fixes the following issues:

  • CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots (bsc#1253703)
  • CVE-2025-12748: Fixed Denial of service in XML parsing (bsc#1253278)

Other fixes:

  • spec: Adjust dbus dependency (bsc#1253642)
  • qemu: Add support for Intel TDX (jsc#PED-9265)

Package list

openSUSE Leap 16.0
libvirt-11.4.0-160000.3.1
libvirt-client-11.4.0-160000.3.1
libvirt-client-qemu-11.4.0-160000.3.1
libvirt-daemon-11.4.0-160000.3.1
libvirt-daemon-common-11.4.0-160000.3.1
libvirt-daemon-config-network-11.4.0-160000.3.1
libvirt-daemon-config-nwfilter-11.4.0-160000.3.1
libvirt-daemon-driver-network-11.4.0-160000.3.1
libvirt-daemon-driver-nodedev-11.4.0-160000.3.1
libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1
libvirt-daemon-driver-qemu-11.4.0-160000.3.1
libvirt-daemon-driver-secret-11.4.0-160000.3.1
libvirt-daemon-driver-storage-11.4.0-160000.3.1
libvirt-daemon-driver-storage-core-11.4.0-160000.3.1
libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1
libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1
libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1
libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1
libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1
libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1
libvirt-daemon-hooks-11.4.0-160000.3.1
libvirt-daemon-lock-11.4.0-160000.3.1
libvirt-daemon-log-11.4.0-160000.3.1
libvirt-daemon-plugin-lockd-11.4.0-160000.3.1
libvirt-daemon-proxy-11.4.0-160000.3.1
libvirt-daemon-qemu-11.4.0-160000.3.1
libvirt-devel-11.4.0-160000.3.1
libvirt-doc-11.4.0-160000.3.1
libvirt-libs-11.4.0-160000.3.1
libvirt-nss-11.4.0-160000.3.1
libvirt-ssh-proxy-11.4.0-160000.3.1
wireshark-plugin-libvirt-11.4.0-160000.3.1

Description

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user-provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Affected products
openSUSE Leap 16.0:libvirt-11.4.0-160000.3.1
openSUSE Leap 16.0:libvirt-client-11.4.0-160000.3.1
openSUSE Leap 16.0:libvirt-client-qemu-11.4.0-160000.3.1
openSUSE Leap 16.0:libvirt-daemon-11.4.0-160000.3.1

Description

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.


Affected products
openSUSE Leap 16.0:libvirt-11.4.0-160000.3.1
openSUSE Leap 16.0:libvirt-client-11.4.0-160000.3.1
openSUSE Leap 16.0:libvirt-client-qemu-11.4.0-160000.3.1
openSUSE Leap 16.0:libvirt-daemon-11.4.0-160000.3.1
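
A host-side check for the snapshot exposure described above, as an added example that is not part of the advisory or of libvirt: it lists files under a directory whose mode grants read access to "other" and says whether parent directory permissions still block unprivileged users. The advisory names no path, so the directory to scan is an assumption you supply, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): flag VM image/snapshot files whose
# mode grants read access to "other". The directory to scan is an assumption;
# pass the location where your external snapshot files are stored.

# Succeed if every directory from root ($1) down to the parent of file ($2)
# has o+x, meaning an unprivileged local user can actually reach the file.
reachable_by_others() {
    local root=${1%/} dir
    dir=$(dirname -- "$2")
    while :; do
        # -prune keeps find on this one directory; -perm -001 tests o+x
        [ -n "$(find "$dir" -prune -perm -001)" ] || return 1
        case $dir in "$root"|/|.) return 0 ;; esac
        dir=$(dirname -- "$dir")
    done
}

# Print one line per world-readable regular file under $1:
#   EXPOSED <path>  other-read bit set and the path is traversable by others
#   MASKED  <path>  other-read bit set, but a parent directory blocks access
# With a second argument "fix", also strip all "other" permissions.
audit_images() {
    local root=${1%/} action=${2:-report} f
    [ -n "$root" ] || root=/
    find "$root" -type f -perm -004 -print | sort | while IFS= read -r f; do
        if reachable_by_others "$root" "$f"; then
            printf 'EXPOSED %s\n' "$f"
        else
            printf 'MASKED  %s\n' "$f"
        fi
        if [ "$action" = fix ]; then chmod o-rwx -- "$f"; fi
    done
}

# Run as a script: audit_images.sh DIR [fix]
if [ $# -gt 0 ]; then
    audit_images "$@"
fi
```

Reachability is only evaluated from the scanned directory downward, so scan from a root that unprivileged users can already enter. MASKED files still carry the wrong mode and become readable if a parent directory is later opened up.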