SUSE: 2019:2105-1 Important: libvirt Arbitrary Code Execution Fix
suse
August 9, 2019
An update that solves two vulnerabilities and has one errata is now available
Summary
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: - qemu: Add support for overriding max threads per process limit (bsc#1133719) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7:
Topics Covered
References
#1133719 #1138301 #1138303
Cross- CVE-2019-10161 CVE-2019-10167
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Enterprise Storage 4
https://www.suse.com/security/cve/CVE-2019-10161.html
https://www.suse.com/security/cve/CVE-2019-10167.html
https://bugzilla.suse.com/1133719
https://bugzilla.suse.com/1138301
https://bugzilla.suse.com/1138303
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:2105-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!