
SUSE: 2019:1637-1 Critical Update for libvirt DoS Vulnerability Risk

June 21, 2019
SUSE Security Advisory for libvirt addresses critical vulnerabilities along with detailed patching guidance.
An update that solves three vulnerabilities and has one errata is now available.

Summary

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system, potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).
- CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).
- CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).

Other issue addressed:

- spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109).

Patch Instructions:

References

#1136109 #1138301 #1138302 #1138303

Cross-References: CVE-2019-10161 CVE-2019-10166 CVE-2019-10167

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2019-10161.html

https://www.suse.com/security/cve/CVE-2019-10166.html

https://www.suse.com/security/cve/CVE-2019-10167.html

https://bugzilla.suse.com/1136109

https://bugzilla.suse.com/1138301

https://bugzilla.suse.com/1138302

https://bugzilla.suse.com/1138303

Severity
important

Announcement ID: SUSE-SU-2019:1637-1
Rating: important
