openSUSE Leap 15.0: openSUSE-SU-2019:1288-1 Important: Libvirt DoS

April 28, 2019
An update that solves one vulnerability and has 15 fixes is now available.

Description

This update for libvirt provides the following fixes:

Security issue fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).

Other issues addressed:

- apparmor: reintroduce upstream lxc mount rules (bsc#1130129).

- hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642).

- supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667).

- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).

- conf: added new 'xenbus' controller type

- util: skip RDMA detection for non-PCI network devices (bsc#1112182).

- qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665).

- qemu: fix issues related to restricted permissions on /dev/sev (bsc#1102604).

- apparmor: add...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1288=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

libvirt-4.0.0-lp150.7.10.4

libvirt-admin-4.0.0-lp150.7.10.4

libvirt-admin-debuginfo-4.0.0-lp150.7.10.4

libvirt-client-4.0.0-lp150.7.10.4

libvirt-client-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-4.0.0-lp150.7.10.4

libvirt-daemon-config-network-4.0.0-lp150.7.10.4

libvirt-daemon-config-nwfilter-4.0.0-lp150.7.10.4

libvirt-daemon-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-driver-interface-4.0.0-lp150.7.10.4

libvirt-daemon-driver-interface-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-driver-lxc-4.0.0-lp150.7.10.4

libvirt-daemon-driver-lxc-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-driver-network-4.0.0-lp150.7.10.4

libvirt-daemon-driver-network-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-driver-nodedev-4.0.0-lp150.7.10.4

libvirt-daemon-driver-nodedev-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-driver-nwfilter-4.0.0-lp150.7.10.4

libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-lp150.7.10.4

libvirt-daemon-driver-qemu-4.0.0-lp150.7.10.4

libvirt-daemon-driver-qemu-debuginfo-4.0.0-...

References

https://www.suse.com/security/cve/CVE-2019-3840.html

https://bugzilla.suse.com/1081516

https://bugzilla.suse.com/1102604

https://bugzilla.suse.com/1104662

https://bugzilla.suse.com/1106420

https://bugzilla.suse.com/1108086

https://bugzilla.suse.com/1108395

https://bugzilla.suse.com/1112182

https://bugzilla.suse.com/1117058

https://bugzilla.suse.com/1118952

https://bugzilla.suse.com/1120813

https://bugzilla.suse.com/1123642

https://bugzilla.suse.com/1124667

https://bugzilla.suse.com/1125665

https://bugzilla.suse.com/1126325

https://bugzilla.suse.com/1127458

https://bugzilla.suse.com/1130129

Announcement ID: openSUSE-SU-2019:1288-1
Rating: important
Affected Products: openSUSE Leap 15.0
