Overview

File _patchinfo of Package patchinfo.11695

<patchinfo incident="11695">
  <issue tracker="bnc" id="1138301">VUL-0: EMBARGOED: CVE-2019-10161: libvirt: api: disallow virDomainSaveImageGetXMLDesc on read-only connections</issue>
  <issue tracker="cve" id="2019-10161"/>
  <category>security</category>
  <rating>important</rating>
  <packager>jfehlig</packager>
  <description>This update for libvirt fixes the following issue:

Security issue fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path
  parameter pointing anywhere on the system and potentially leading to execution
  of a malicious file with root privileges by libvirtd (bsc#1138301).
</description>
  <summary>Security update for libvirt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places