Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

openSUSE Leap 15.2: ID 2020:1777-1 Important: libvirt Security Update

opensuse
Calendar Grey October 30, 2020
Dist Opensuse Esm H88
A critical update for openSUSE addressing vulnerabilities in libvirt has been released. Ensure your system is up-to-date and protected!
An update that solves two vulnerabilities and has four fixes is now available.

Description

This update for libvirt fixes the following issues:

- CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE

distros (bsc#1174955).

- CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces()

(bsc#1177155).

- qemu: Avoid stale capabilities cache host CPU or kernel command line

changes (bsc#1173157).

- virdevmapper: Handle kernel without device-mapper support (bsc#1175465).

- Xen: Added support for passing arbitrary commands to the qemu device

model, similar to the xl.cfg(5) device_model_args setting (bsc#1174139).

- Xen: Don't add dom0 twice on driver reload (bsc#1176430).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Topics%20covered

Topics Covered

security advisory critical software update important fixes libvirt openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1777=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

libvirt-6.0.0-lp152.9.6.2

libvirt-admin-6.0.0-lp152.9.6.2

libvirt-admin-debuginfo-6.0.0-lp152.9.6.2

libvirt-client-6.0.0-lp152.9.6.2

libvirt-client-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-6.0.0-lp152.9.6.2

libvirt-daemon-config-network-6.0.0-lp152.9.6.2

libvirt-daemon-config-nwfilter-6.0.0-lp152.9.6.2

libvirt-daemon-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-driver-interface-6.0.0-lp152.9.6.2

libvirt-daemon-driver-interface-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-driver-lxc-6.0.0-lp152.9.6.2

libvirt-daemon-driver-lxc-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-driver-network-6.0.0-lp152.9.6.2

libvirt-daemon-driver-network-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-driver-nodedev-6.0.0-lp152.9.6.2

libvirt-daemon-driver-nodedev-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-driver-nwfilter-6.0.0-lp152.9.6.2

libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-lp152.9.6.2

libvirt-daemon-driver-qemu-6.0.0-lp152.9.6.2

libvirt-daemon-driver-qemu-debuginfo-6.0.0-lp152.9.6.2

libvirt-d...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2020-15708.html

https://www.suse.com/security/cve/CVE-2020-25637.html

https://bugzilla.suse.com/1173157

https://bugzilla.suse.com/1174139

https://bugzilla.suse.com/1174955

https://bugzilla.suse.com/1175465

https://bugzilla.suse.com/1176430

https://bugzilla.suse.com/1177155

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1777-1
Rating: important
Affected Products: openSUSE Leap 15.2 le.

Topics%20covered

Topics Covered

security advisory critical software update important fixes libvirt openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here