Oval Definition:oval:org.opensuse.security:def:60881
Revision Date:2020-12-01Version:1
Title:Security update for libvirt (Important)
Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).

Non-security issues fixed:

- Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734). - Added support for overriding max threads per process limit (bsc#1133719)
Family:unixClass:patch
Status:Reference(s):1013992
1013993
1027282
1041090
1042670
1049086
1073269
1073748
1078326
1078485
1080074
1081750
1084632
1084650
1086001
1091610
1106853
1108627
1108637
1110358
1133719
1137942
1138301
1138303
1138734
1140738
1141329
1141332
1143194
1143273
1144504
1144902
1144903
1145604
1149458
1149792
1149955
1151021
1151839
1153108
1153158
1153161
1153830
1155094
1159035
1160968
1162224
1162367
1162825
1165894
1168994
1170411
1171561
1173812
1174463
1174570
1175534
1176343
1176344
1176345
1176346
1176347
1176348
1176349
1176350
910683
914442
945401
950110
950111
CVE-2014-9636
CVE-2014-9913
CVE-2015-7696
CVE-2015-7697
CVE-2016-9844
CVE-2017-10978
CVE-2017-10983
CVE-2017-10984
CVE-2017-10985
CVE-2017-10986
CVE-2017-10987
CVE-2017-10988
CVE-2017-11613
CVE-2017-18379
CVE-2017-9935
CVE-2018-1000035
CVE-2018-1115
CVE-2018-16335
CVE-2018-17100
CVE-2018-17101
CVE-2018-17795
CVE-2019-10161
CVE-2019-10167
CVE-2019-10218
CVE-2019-10220
CVE-2019-12525
CVE-2019-12529
CVE-2019-12625
CVE-2019-12900
CVE-2019-13057
CVE-2019-13345
CVE-2019-13565
CVE-2019-14835
CVE-2019-16056
CVE-2019-17133
CVE-2019-18348
CVE-2019-9674
CVE-2020-10713
CVE-2020-14308
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-14364
CVE-2020-15706
CVE-2020-15707
CVE-2020-25595
CVE-2020-25596
CVE-2020-25597
CVE-2020-25599
CVE-2020-25600
CVE-2020-25601
CVE-2020-25603
CVE-2020-25604
CVE-2020-2583
CVE-2020-2590
CVE-2020-2593
CVE-2020-2601
CVE-2020-2604
CVE-2020-2654
CVE-2020-2659
CVE-2020-8492
SUSE-SU-2017:2202-1
SUSE-SU-2018:1695-1
SUSE-SU-2018:3289-1
SUSE-SU-2019:2227-1
SUSE-SU-2019:2890-1
SUSE-SU-2019:3066-1
SUSE-SU-2020:0261-1
SUSE-SU-2020:1524-1
SUSE-SU-2020:2079-1
SUSE-SU-2020:2787-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libpng16-1.6.34-lp151.3.3 is installed
  • OR libpng16-16-1.6.34-lp151.3.3 is installed
  • OR libpng16-16-32bit-1.6.34-lp151.3.3 is installed
  • OR libpng16-compat-devel-1.6.34-lp151.3.3 is installed
  • OR libpng16-compat-devel-32bit-1.6.34-lp151.3.3 is installed
  • OR libpng16-devel-1.6.34-lp151.3.3 is installed
  • OR libpng16-devel-32bit-1.6.34-lp151.3.3 is installed
  • OR libpng16-tools-1.6.34-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • freeradius-server-3.0.15-2.3 is installed
  • OR freeradius-server-doc-3.0.15-2.3 is installed
  • OR freeradius-server-krb5-3.0.15-2.3 is installed
  • OR freeradius-server-ldap-3.0.15-2.3 is installed
  • OR freeradius-server-libs-3.0.15-2.3 is installed
  • OR freeradius-server-mysql-3.0.15-2.3 is installed
  • OR freeradius-server-perl-3.0.15-2.3 is installed
  • OR freeradius-server-postgresql-3.0.15-2.3 is installed
  • OR freeradius-server-python-3.0.15-2.3 is installed
  • OR freeradius-server-sqlite-3.0.15-2.3 is installed
  • OR freeradius-server-utils-3.0.15-2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND clamav-0.100.3-33.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_178-94_91-default-4-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_25-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_162-94_72-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_22-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND unzip-6.00-33.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND apache-commons-httpclient-3.1-4 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libvirt-3.3.0-5.40 is installed
  • OR libvirt-admin-3.3.0-5.40 is installed
  • OR libvirt-client-3.3.0-5.40 is installed
  • OR libvirt-daemon-3.3.0-5.40 is installed
  • OR libvirt-daemon-config-network-3.3.0-5.40 is installed
  • OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-network-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed
  • OR libvirt-daemon-hooks-3.3.0-5.40 is installed
  • OR libvirt-daemon-lxc-3.3.0-5.40 is installed
  • OR libvirt-daemon-qemu-3.3.0-5.40 is installed
  • OR libvirt-daemon-xen-3.3.0-5.40 is installed
  • OR libvirt-doc-3.3.0-5.40 is installed
  • OR libvirt-libs-3.3.0-5.40 is installed
  • OR libvirt-lock-sanlock-3.3.0-5.40 is installed
  • OR libvirt-nss-3.3.0-5.40 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.20-3.6 is installed
    • BACK