Revision Date: | 2019-06-21 | Version: | 1 |
Title: | Security update for libvirt (Important) |
Description: |
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). - CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which could have been used to execute arbitrary emulators (bsc#1138305).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1138301 1138302 1138303 1138305 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 SUSE-SU-2019:1643-1
|
Platform(s): | SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND libvirt-libs-5.1.0-8.6.1 is installed
|