Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

openSUSE Leap 15.1: 2020:1778-1 Important: libvirt DoS Issues

opensuse
Calendar Grey October 30, 2020
Dist Opensuse Esm H88
A crucial security notification for Fedora highlights vulnerabilities in qemu, offering vital patches. Remain informed!
An update that solves two vulnerabilities and has four fixes is now available.

Description

This update for libvirt fixes the following issues:

- CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE

distros (bsc#1174955).

- CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces()

(bsc#1177155).

- qemu: Adjust max memlock on mdev hotplug (bsc#1177480).

- Xen: Don't add dom0 twice on driver reload (bsc#1176430).

- virdevmapper: Handle kernel without device-mapper support (bsc#1175465).

- Fixed an issue where building was failing (bsc#1175574).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Topics%20covered

Topics Covered

security advisory patch important fixes dos libvirt openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1778=1

Package List

- openSUSE Leap 15.1 (x86_64):

libvirt-5.1.0-lp151.7.10.1

libvirt-admin-5.1.0-lp151.7.10.1

libvirt-admin-debuginfo-5.1.0-lp151.7.10.1

libvirt-client-5.1.0-lp151.7.10.1

libvirt-client-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-5.1.0-lp151.7.10.1

libvirt-daemon-config-network-5.1.0-lp151.7.10.1

libvirt-daemon-config-nwfilter-5.1.0-lp151.7.10.1

libvirt-daemon-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-driver-interface-5.1.0-lp151.7.10.1

libvirt-daemon-driver-interface-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-driver-libxl-5.1.0-lp151.7.10.1

libvirt-daemon-driver-libxl-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-driver-lxc-5.1.0-lp151.7.10.1

libvirt-daemon-driver-lxc-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-driver-network-5.1.0-lp151.7.10.1

libvirt-daemon-driver-network-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-driver-nodedev-5.1.0-lp151.7.10.1

libvirt-daemon-driver-nodedev-debuginfo-5.1.0-lp151.7.10.1

libvirt-daemon-driver-nwfilter-5.1.0-lp151.7.10.1

libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-lp1...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2020-15708.html

https://www.suse.com/security/cve/CVE-2020-25637.html

https://bugzilla.suse.com/1174955

https://bugzilla.suse.com/1175465

https://bugzilla.suse.com/1175574

https://bugzilla.suse.com/1176430

https://bugzilla.suse.com/1177155

https://bugzilla.suse.com/1177480

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1778-1
Rating: important
Affected Products: openSUSE Leap 15.1 le.

Topics%20covered

Topics Covered

security advisory patch important fixes dos libvirt openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here