Oval Definition:oval:org.opensuse.security:def:69434
Revision Date:2020-12-01Version:1
Title:Security update for libvirt (Important)
Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). - CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which could have been used to execute arbitrary emulators (bsc#1138305).
Family:unixClass:patch
Status:Reference(s):1138301
1138302
1138303
1138305
1166916
1172442
1172443
CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-10168
CVE-2020-11080
CVE-2020-7598
CVE-2020-8174
SUSE-SU-2019:1643-1
SUSE-SU-2020:1576-1
Platform(s):SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libvirt-5.1.0-8.6 is installed
  • OR libvirt-admin-5.1.0-8.6 is installed
  • OR libvirt-bash-completion-5.1.0-8.6 is installed
  • OR libvirt-client-5.1.0-8.6 is installed
  • OR libvirt-daemon-5.1.0-8.6 is installed
  • OR libvirt-daemon-config-network-5.1.0-8.6 is installed
  • OR libvirt-daemon-config-nwfilter-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-interface-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-libxl-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-lxc-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-network-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-nodedev-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-nwfilter-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-qemu-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-secret-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-core-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-disk-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-iscsi-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-logical-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-mpath-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-rbd-5.1.0-8.6 is installed
  • OR libvirt-daemon-driver-storage-scsi-5.1.0-8.6 is installed
  • OR libvirt-daemon-hooks-5.1.0-8.6 is installed
  • OR libvirt-daemon-lxc-5.1.0-8.6 is installed
  • OR libvirt-daemon-qemu-5.1.0-8.6 is installed
  • OR libvirt-daemon-xen-5.1.0-8.6 is installed
  • OR libvirt-devel-5.1.0-8.6 is installed
  • OR libvirt-doc-5.1.0-8.6 is installed
  • OR libvirt-lock-sanlock-5.1.0-8.6 is installed
  • OR libvirt-nss-5.1.0-8.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • nodejs8-8.17.0-3.32 is installed
  • OR nodejs8-devel-8.17.0-3.32 is installed
  • OR nodejs8-docs-8.17.0-3.32 is installed
  • OR npm8-8.17.0-3.32 is installed
    • BACK