SUSE: 2020:3037-1 Important: libvirt Security Updates and Fixes
suse
October 26, 2020
An update that solves two vulnerabilities and has four fixes is now available
Summary
This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Adjust max memlock on mdev hotplug (bsc#1177480). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). - virdevmapper: Handle kernel without device-mapper support (bsc#1175465). - Fixed an issue where building was failing (bsc#1175574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1:
References
#1174955 #1175465 #1175574 #1176430 #1177155
#1177480
Cross- CVE-2020-15708 CVE-2020-25637
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
https://www.suse.com/security/cve/CVE-2020-15708.html
https://www.suse.com/security/cve/CVE-2020-25637.html
https://bugzilla.suse.com/1174955
https://bugzilla.suse.com/1175465
https://bugzilla.suse.com/1175574
https://bugzilla.suse.com/1176430
https://bugzilla.suse.com/1177155
https://bugzilla.suse.com/1177480
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!