SUSE-SU-2016:0304-1: moderate: Security update for libvirt

Mon Feb 1 12:12:20 MST 2016

   SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0304-1
Rating:             moderate
References:         #899334 #903757 #904432 #911737 #914297 #914693 
                    #921355 #921555 #921586 #936524 #938228 #948516 
                    #948686 #953110 
Cross-References:   CVE-2015-0236 CVE-2015-5313
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has 12 fixes
   is now available.

Description:

   libvirt was updated to fix one security issue and several non-security
   issues.

   This security issue was fixed:

   - CVE-2015-0236: libvirt allowed remote authenticated users to obtain the
     VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1)
     snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to
     the virDomainSaveImageGetXMLDesc interface. (bsc#914693)
   - CVE-2015-5313: path traversal vulnerability allowed libvirtd process to
     write arbitrary files into file system using root permissions
     (bsc#953110)

   Theses non-security issues were fixed:

   - bsc#948686: Use PAUSED state for domains that are starting up.
   - bsc#903757: Provide nodeGetSecurityModel implementation in libxl.
   - bsc#938228: Set disk type to BLOCK when driver is not tap or file.
   - bsc#948516: Fix profile_status to distinguish between errors and
     unconfined domains.
   - bsc#936524: Fix error starting lxc containers with direct interfaces.
   - bsc#921555: Fixed apparmor generated profile for PCI hostdevs.
   - bsc#899334: Include additional upstream fixes for systemd
     TerminateMachine.
   - bsc#921586: Fix security driver default settings in
     /etc/libvirt/qemu.conf.
   - bsc#921355: Fixed a number of QEMU apparmor abstraction problems.
   - bsc#911737: Additional fix for the case where security labels aren't
     automatically set.
   - bsc#914297: Allow setting the URL of an SMT server to use in place of
     SCC.
   - bsc#904432: Backported route definition changes.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2016-189=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-189=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2016-189=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-189=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-189=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      libvirt-client-32bit-1.2.5-27.10.1
      libvirt-client-debuginfo-32bit-1.2.5-27.10.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libvirt-debugsource-1.2.5-27.10.1
      libvirt-devel-1.2.5-27.10.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      libvirt-client-32bit-1.2.5-27.10.1
      libvirt-client-debuginfo-32bit-1.2.5-27.10.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libvirt-1.2.5-27.10.1
      libvirt-client-1.2.5-27.10.1
      libvirt-client-debuginfo-1.2.5-27.10.1
      libvirt-daemon-1.2.5-27.10.1
      libvirt-daemon-config-network-1.2.5-27.10.1
      libvirt-daemon-config-nwfilter-1.2.5-27.10.1
      libvirt-daemon-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-interface-1.2.5-27.10.1
      libvirt-daemon-driver-interface-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-lxc-1.2.5-27.10.1
      libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-network-1.2.5-27.10.1
      libvirt-daemon-driver-network-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-nodedev-1.2.5-27.10.1
      libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-nwfilter-1.2.5-27.10.1
      libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-qemu-1.2.5-27.10.1
      libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-secret-1.2.5-27.10.1
      libvirt-daemon-driver-secret-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-storage-1.2.5-27.10.1
      libvirt-daemon-driver-storage-debuginfo-1.2.5-27.10.1
      libvirt-daemon-lxc-1.2.5-27.10.1
      libvirt-daemon-qemu-1.2.5-27.10.1
      libvirt-debugsource-1.2.5-27.10.1
      libvirt-doc-1.2.5-27.10.1
      libvirt-lock-sanlock-1.2.5-27.10.1
      libvirt-lock-sanlock-debuginfo-1.2.5-27.10.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      libvirt-daemon-driver-libxl-1.2.5-27.10.1
      libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.10.1
      libvirt-daemon-xen-1.2.5-27.10.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libvirt-1.2.5-27.10.1
      libvirt-client-1.2.5-27.10.1
      libvirt-client-32bit-1.2.5-27.10.1
      libvirt-client-debuginfo-1.2.5-27.10.1
      libvirt-client-debuginfo-32bit-1.2.5-27.10.1
      libvirt-daemon-1.2.5-27.10.1
      libvirt-daemon-config-network-1.2.5-27.10.1
      libvirt-daemon-config-nwfilter-1.2.5-27.10.1
      libvirt-daemon-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-interface-1.2.5-27.10.1
      libvirt-daemon-driver-interface-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-libxl-1.2.5-27.10.1
      libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-lxc-1.2.5-27.10.1
      libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-network-1.2.5-27.10.1
      libvirt-daemon-driver-network-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-nodedev-1.2.5-27.10.1
      libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-nwfilter-1.2.5-27.10.1
      libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-qemu-1.2.5-27.10.1
      libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-secret-1.2.5-27.10.1
      libvirt-daemon-driver-secret-debuginfo-1.2.5-27.10.1
      libvirt-daemon-driver-storage-1.2.5-27.10.1
      libvirt-daemon-driver-storage-debuginfo-1.2.5-27.10.1
      libvirt-daemon-lxc-1.2.5-27.10.1
      libvirt-daemon-qemu-1.2.5-27.10.1
      libvirt-daemon-xen-1.2.5-27.10.1
      libvirt-debugsource-1.2.5-27.10.1
      libvirt-doc-1.2.5-27.10.1

References:

   https://www.suse.com/security/cve/CVE-2015-0236.html
   https://www.suse.com/security/cve/CVE-2015-5313.html
   https://bugzilla.suse.com/899334
   https://bugzilla.suse.com/903757
   https://bugzilla.suse.com/904432
   https://bugzilla.suse.com/911737
   https://bugzilla.suse.com/914297
   https://bugzilla.suse.com/914693
   https://bugzilla.suse.com/921355
   https://bugzilla.suse.com/921555
   https://bugzilla.suse.com/921586
   https://bugzilla.suse.com/936524
   https://bugzilla.suse.com/938228
   https://bugzilla.suse.com/948516
   https://bugzilla.suse.com/948686
   https://bugzilla.suse.com/953110