Overview Repositories Revisions Requests Users Attributes Meta
Security update for libvirt

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path
parameter pointing anywhere on the system and potentially leading to execution
of a malicious file with root privileges by libvirtd (bsc#1138301).
- CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have
been used to alter the domain's config used for managedsave or execute arbitrary
emulator binaries (bsc#1138302).
- CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which
could have been used to execute arbitrary emulators (bsc#1138303).
- CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which
could have been used to execute arbitrary emulators (bsc#1138305).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Fixed bugs
bnc#1138301
VUL-0: EMBARGOED: CVE-2019-10161: libvirt: api: disallow virDomainSaveImageGetXMLDesc on read-only connections
bnc#1138303
VUL-0: EMBARGOED: CVE-2019-10167: libvirt: api: disallow virConnectGetDomainCapabilities on read-only connections
bnc#1138302
VUL-0: EMBARGOED: CVE-2019-10166: libvirt: api: disallow virDomainManagedSaveDefineXML on read-only connections
bnc#1138305
VUL-0: EMBARGOED: CVE-2019-10168: libvirt: api: disallow virConnect*HypervisorCPU on read-only connections
CVE-2019-10161
CVE-2019-10168
CVE-2019-10167
CVE-2019-10166
Selected Binaries
openSUSE Build Service is sponsored by
Places