Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

SUSE: 2020:2970-1 Important: libvirt Security Update Details

suse
Calendar Grey October 20, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for libvirt __________________________________________________
An update that solves two vulnerabilities and has four fixes is now available

Summary

This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Avoid stale capabilities cache host CPU or kernel command line changes (bsc#1173157). - virdevmapper: Handle kernel without device-mapper support (bsc#1175465). - Xen: Added support for passing arbitrary commands to the qemu device model, similar to the xl.cfg(5) device_model_args setting (bsc#1174139). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1173157 #1174139 #1174955 #1175465 #1176430

#1177155

Cross- CVE-2020-15708 CVE-2020-25637

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2020-15708.html

https://www.suse.com/security/cve/CVE-2020-25637.html

https://bugzilla.suse.com/1173157

https://bugzilla.suse.com/1174139

https://bugzilla.suse.com/1174955

https://bugzilla.suse.com/1175465

https://bugzilla.suse.com/1176430

https://bugzilla.suse.com/1177155

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:2970-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here