| Revision Date: | 2019-06-21 | Version: | 1 |
| Title: | Security update for libvirt (Important) |
| Description: |
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). - CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which could have been used to execute arbitrary emulators (bsc#1138305).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1138301
1138302
1138303
1138305
CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-10168
SUSE-SU-2019:1643-1
|
| Platform(s): | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
| Product(s): | |