SUSE 12-SP3: SUSE-SU-2019:2227-1 Important: libvirt Executable Risks
suse
August 28, 2019
An update that solves two vulnerabilities and has two fixes is now available
Summary
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issues fixed: - Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734). - Added support for overriding max threads per process limit (bsc#1133719) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Topics Covered
References
#1133719 #1138301 #1138303 #1138734
Cross- CVE-2019-10161 CVE-2019-10167
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Enterprise Storage 5
HPE Helion Openstack 8
https://www.suse.com/security/cve/CVE-2019-10161.html
https://www.suse.com/security/cve/CVE-2019-10167.html
https://bugzilla.suse.com/1133719
https://bugzilla.suse.com/1138301
https://bugzilla.suse.com/1138303
https://bugzilla.suse.com/1138734
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:2227-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!