SUSE-SU-2015:0241-1: moderate: Security update for libvirt
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Feb 9 08:05:06 MST 2015
SUSE Security Update: Security update for libvirt
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0241-1
Rating: moderate
References: #891936 #899334 #899484 #900587 #902976 #903756
#904176 #904426 #904432 #909828 #910862 #911737
Cross-References: CVE-2014-3657 CVE-2014-7823 CVE-2014-8136
Affected Products:
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that solves three vulnerabilities and has 9 fixes
is now available.
Description:
libvirt was updated to fix security issues and bugs.
These security issues were fixed:
- Fixed denial of service flaw in libvirt's virConnectListAllDomains()
function (CVE-2014-3657).
- Information leak with flag VIR_DOMAIN_XML_MIGRATABLE (CVE-2014-7823).
- local denial of service in qemu driver (CVE-2014-8136)
These non-security issues were fixed:
- Get /proc/sys/net/ipv[46] read-write for wicked to work in containers
(bsc#904432).
- libxl: Several migration improvements (bsc#903756).
- libxl: allow libxl to find pygrub binary (bdo#770485).
- Fix Qemu AppArmor abstraction (bsc#904426).
- AppArmor confined kvm domains couldn't find the apparmor profile
template (bnc#902976).
- Backport commit c110cdb2 to fix non-raw storage format error
(bnc#900587).
- qemu: use systemd's TerminateMachine to kill all processes (bsc#899334).
- Transformed Errors into warnings in detect_scsi_host_caps.
- Fix a missing cleanup for lxc containers.
- Adding network configuration to containers. bsc#904432
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2015-59=1
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-59=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-59=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-59=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
libvirt-client-32bit-1.2.5-21.1
libvirt-client-debuginfo-32bit-1.2.5-21.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
libvirt-debugsource-1.2.5-21.1
libvirt-devel-1.2.5-21.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
libvirt-1.2.5-21.1
libvirt-client-1.2.5-21.1
libvirt-client-debuginfo-1.2.5-21.1
libvirt-daemon-1.2.5-21.1
libvirt-daemon-config-network-1.2.5-21.1
libvirt-daemon-config-nwfilter-1.2.5-21.1
libvirt-daemon-debuginfo-1.2.5-21.1
libvirt-daemon-driver-interface-1.2.5-21.1
libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
libvirt-daemon-driver-lxc-1.2.5-21.1
libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
libvirt-daemon-driver-network-1.2.5-21.1
libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
libvirt-daemon-driver-nodedev-1.2.5-21.1
libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
libvirt-daemon-driver-nwfilter-1.2.5-21.1
libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
libvirt-daemon-driver-qemu-1.2.5-21.1
libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
libvirt-daemon-driver-secret-1.2.5-21.1
libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
libvirt-daemon-driver-storage-1.2.5-21.1
libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
libvirt-daemon-lxc-1.2.5-21.1
libvirt-daemon-qemu-1.2.5-21.1
libvirt-debugsource-1.2.5-21.1
libvirt-doc-1.2.5-21.1
libvirt-lock-sanlock-1.2.5-21.1
libvirt-lock-sanlock-debuginfo-1.2.5-21.1
- SUSE Linux Enterprise Server 12 (x86_64):
libvirt-daemon-driver-libxl-1.2.5-21.1
libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
libvirt-daemon-xen-1.2.5-21.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
libvirt-1.2.5-21.1
libvirt-client-1.2.5-21.1
libvirt-client-32bit-1.2.5-21.1
libvirt-client-debuginfo-1.2.5-21.1
libvirt-client-debuginfo-32bit-1.2.5-21.1
libvirt-daemon-1.2.5-21.1
libvirt-daemon-config-network-1.2.5-21.1
libvirt-daemon-config-nwfilter-1.2.5-21.1
libvirt-daemon-debuginfo-1.2.5-21.1
libvirt-daemon-driver-interface-1.2.5-21.1
libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
libvirt-daemon-driver-libxl-1.2.5-21.1
libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
libvirt-daemon-driver-lxc-1.2.5-21.1
libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
libvirt-daemon-driver-network-1.2.5-21.1
libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
libvirt-daemon-driver-nodedev-1.2.5-21.1
libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
libvirt-daemon-driver-nwfilter-1.2.5-21.1
libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
libvirt-daemon-driver-qemu-1.2.5-21.1
libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
libvirt-daemon-driver-secret-1.2.5-21.1
libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
libvirt-daemon-driver-storage-1.2.5-21.1
libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
libvirt-daemon-lxc-1.2.5-21.1
libvirt-daemon-qemu-1.2.5-21.1
libvirt-daemon-xen-1.2.5-21.1
libvirt-debugsource-1.2.5-21.1
libvirt-doc-1.2.5-21.1
References:
http://support.novell.com/security/cve/CVE-2014-3657.html
http://support.novell.com/security/cve/CVE-2014-7823.html
http://support.novell.com/security/cve/CVE-2014-8136.html
https://bugzilla.suse.com/show_bug.cgi?id=891936
https://bugzilla.suse.com/show_bug.cgi?id=899334
https://bugzilla.suse.com/show_bug.cgi?id=899484
https://bugzilla.suse.com/show_bug.cgi?id=900587
https://bugzilla.suse.com/show_bug.cgi?id=902976
https://bugzilla.suse.com/show_bug.cgi?id=903756
https://bugzilla.suse.com/show_bug.cgi?id=904176
https://bugzilla.suse.com/show_bug.cgi?id=904426
https://bugzilla.suse.com/show_bug.cgi?id=904432
https://bugzilla.suse.com/show_bug.cgi?id=909828
https://bugzilla.suse.com/show_bug.cgi?id=910862
https://bugzilla.suse.com/show_bug.cgi?id=911737
More information about the sle-security-updates
mailing list