SUSE-SU-2015:0241-1: moderate: Security update for libvirt

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Feb 9 08:05:06 MST 2015


   SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0241-1
Rating:             moderate
References:         #891936 #899334 #899484 #900587 #902976 #903756 
                    #904176 #904426 #904432 #909828 #910862 #911737 
                    
Cross-References:   CVE-2014-3657 CVE-2014-7823 CVE-2014-8136
                   
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves three vulnerabilities and has 9 fixes
   is now available.

Description:

   libvirt was updated to fix security issues and bugs.

   These security issues were fixed:
   - Fixed denial of service flaw in libvirt's virConnectListAllDomains()
     function (CVE-2014-3657).
   - Information leak with flag VIR_DOMAIN_XML_MIGRATABLE (CVE-2014-7823).
   - local denial of service in qemu driver (CVE-2014-8136)

   These non-security issues were fixed:
   - Get /proc/sys/net/ipv[46] read-write for wicked to work in containers
     (bsc#904432).
   - libxl: Several migration improvements (bsc#903756).
   - libxl: allow libxl to find pygrub binary (bdo#770485).
   - Fix Qemu AppArmor abstraction (bsc#904426).
   - AppArmor confined kvm domains couldn't find the apparmor profile
     template (bnc#902976).
   - Backport commit c110cdb2 to fix non-raw storage format error
     (bnc#900587).
   - qemu: use systemd's TerminateMachine to kill all processes (bsc#899334).
   - Transformed Errors into warnings in detect_scsi_host_caps.
   - Fix a missing cleanup for lxc containers.
   - Adding network configuration to containers. bsc#904432


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-59=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-59=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-59=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-59=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      libvirt-client-32bit-1.2.5-21.1
      libvirt-client-debuginfo-32bit-1.2.5-21.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libvirt-debugsource-1.2.5-21.1
      libvirt-devel-1.2.5-21.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libvirt-1.2.5-21.1
      libvirt-client-1.2.5-21.1
      libvirt-client-debuginfo-1.2.5-21.1
      libvirt-daemon-1.2.5-21.1
      libvirt-daemon-config-network-1.2.5-21.1
      libvirt-daemon-config-nwfilter-1.2.5-21.1
      libvirt-daemon-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-interface-1.2.5-21.1
      libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-lxc-1.2.5-21.1
      libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-network-1.2.5-21.1
      libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-nodedev-1.2.5-21.1
      libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-nwfilter-1.2.5-21.1
      libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-qemu-1.2.5-21.1
      libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-secret-1.2.5-21.1
      libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-storage-1.2.5-21.1
      libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
      libvirt-daemon-lxc-1.2.5-21.1
      libvirt-daemon-qemu-1.2.5-21.1
      libvirt-debugsource-1.2.5-21.1
      libvirt-doc-1.2.5-21.1
      libvirt-lock-sanlock-1.2.5-21.1
      libvirt-lock-sanlock-debuginfo-1.2.5-21.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      libvirt-daemon-driver-libxl-1.2.5-21.1
      libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
      libvirt-daemon-xen-1.2.5-21.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libvirt-1.2.5-21.1
      libvirt-client-1.2.5-21.1
      libvirt-client-32bit-1.2.5-21.1
      libvirt-client-debuginfo-1.2.5-21.1
      libvirt-client-debuginfo-32bit-1.2.5-21.1
      libvirt-daemon-1.2.5-21.1
      libvirt-daemon-config-network-1.2.5-21.1
      libvirt-daemon-config-nwfilter-1.2.5-21.1
      libvirt-daemon-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-interface-1.2.5-21.1
      libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-libxl-1.2.5-21.1
      libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-lxc-1.2.5-21.1
      libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-network-1.2.5-21.1
      libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-nodedev-1.2.5-21.1
      libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-nwfilter-1.2.5-21.1
      libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-qemu-1.2.5-21.1
      libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-secret-1.2.5-21.1
      libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
      libvirt-daemon-driver-storage-1.2.5-21.1
      libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
      libvirt-daemon-lxc-1.2.5-21.1
      libvirt-daemon-qemu-1.2.5-21.1
      libvirt-daemon-xen-1.2.5-21.1
      libvirt-debugsource-1.2.5-21.1
      libvirt-doc-1.2.5-21.1


References:

   http://support.novell.com/security/cve/CVE-2014-3657.html
   http://support.novell.com/security/cve/CVE-2014-7823.html
   http://support.novell.com/security/cve/CVE-2014-8136.html
   https://bugzilla.suse.com/show_bug.cgi?id=891936
   https://bugzilla.suse.com/show_bug.cgi?id=899334
   https://bugzilla.suse.com/show_bug.cgi?id=899484
   https://bugzilla.suse.com/show_bug.cgi?id=900587
   https://bugzilla.suse.com/show_bug.cgi?id=902976
   https://bugzilla.suse.com/show_bug.cgi?id=903756
   https://bugzilla.suse.com/show_bug.cgi?id=904176
   https://bugzilla.suse.com/show_bug.cgi?id=904426
   https://bugzilla.suse.com/show_bug.cgi?id=904432
   https://bugzilla.suse.com/show_bug.cgi?id=909828
   https://bugzilla.suse.com/show_bug.cgi?id=910862
   https://bugzilla.suse.com/show_bug.cgi?id=911737



More information about the sle-updates mailing list