Security update for libvirt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:1208-1 Final 1 1 2020-05-06T16:46:41Z current 2020-05-06T16:46:41Z 2020-05-06T16:46:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libvirt This update for libvirt fixes the following issues: Security issues fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683). - CVE-2020-12430: Fixed a memory leak in qemuDomainGetStatsIOThread (bsc#1170765). Non-security issues fixed: - Support setting credit2 scheduler parameters for xen (bsc#1162160). - Add SLE 15 and SLE 12 service packs support to 'libvirtd' (bsc#1154093). - Add support boot from 'vfio-ccw'and 'mdev' devices (jsc#SLE-5826, FATE#327355, bsc#1152649). - Fix lock manager lock ordering (bsc#1145774). - Do not define known no-op features. (bsc#1151850). - Enable use of newer libxl APIs for retrieving memory statistics (bsc#1157490, bsc#1167007). - Create multipath targets for qemu PR (bsc#1161883). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP1-SAP-Azure-2020-1208,Image SLES15-SP1-SAP-Azure-BYOS-2020-1208,Image SLES15-SP1-SAP-EC2-HVM-2020-1208,Image SLES15-SP1-SAP-EC2-HVM-BYOS-2020-1208,Image SLES15-SP1-SAP-GCE-2020-1208,Image SLES15-SP1-SAP-GCE-BYOS-2020-1208,Image SLES15-SP1-SAP-OCI-BYOS-2020-1208,SUSE-2020-1208,SUSE-SLE-Module-Basesystem-15-SP1-2020-1208,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1208,SUSE-SLE-Module-Server-Applications-15-SP1-2020-1208 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20201208-1/ Link for SUSE-SU-2020:1208-1 https://lists.suse.com/pipermail/sle-security-updates/2020-May/006795.html E-Mail link for SUSE-SU-2020:1208-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1145774 SUSE Bug 1145774 https://bugzilla.suse.com/1151850 SUSE Bug 1151850 https://bugzilla.suse.com/1152649 SUSE Bug 1152649 https://bugzilla.suse.com/1154093 SUSE Bug 1154093 https://bugzilla.suse.com/1157490 SUSE Bug 1157490 https://bugzilla.suse.com/1161883 SUSE Bug 1161883 https://bugzilla.suse.com/1162160 SUSE Bug 1162160 https://bugzilla.suse.com/1167007 SUSE Bug 1167007 https://bugzilla.suse.com/1168683 SUSE Bug 1168683 https://bugzilla.suse.com/1170765 SUSE Bug 1170765 https://www.suse.com/security/cve/CVE-2020-10703/ SUSE CVE CVE-2020-10703 page https://www.suse.com/security/cve/CVE-2020-12430/ SUSE CVE CVE-2020-12430 page Image SLES15-SP1-SAP-Azure Image SLES15-SP1-SAP-Azure-BYOS Image SLES15-SP1-SAP-EC2-HVM Image SLES15-SP1-SAP-EC2-HVM-BYOS Image SLES15-SP1-SAP-GCE Image SLES15-SP1-SAP-GCE-BYOS Image SLES15-SP1-SAP-OCI-BYOS SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-client-5.1.0-8.16.1 libvirt-libs-5.1.0-8.16.1 libvirt-5.1.0-8.16.1 libvirt-admin-5.1.0-8.16.1 libvirt-bash-completion-5.1.0-8.16.1 libvirt-daemon-5.1.0-8.16.1 libvirt-daemon-config-network-5.1.0-8.16.1 libvirt-daemon-config-nwfilter-5.1.0-8.16.1 libvirt-daemon-driver-interface-5.1.0-8.16.1 libvirt-daemon-driver-libxl-5.1.0-8.16.1 libvirt-daemon-driver-lxc-5.1.0-8.16.1 libvirt-daemon-driver-network-5.1.0-8.16.1 libvirt-daemon-driver-nodedev-5.1.0-8.16.1 libvirt-daemon-driver-nwfilter-5.1.0-8.16.1 libvirt-daemon-driver-qemu-5.1.0-8.16.1 libvirt-daemon-driver-secret-5.1.0-8.16.1 libvirt-daemon-driver-storage-5.1.0-8.16.1 libvirt-daemon-driver-storage-core-5.1.0-8.16.1 libvirt-daemon-driver-storage-disk-5.1.0-8.16.1 libvirt-daemon-driver-storage-iscsi-5.1.0-8.16.1 libvirt-daemon-driver-storage-logical-5.1.0-8.16.1 libvirt-daemon-driver-storage-mpath-5.1.0-8.16.1 libvirt-daemon-driver-storage-rbd-5.1.0-8.16.1 libvirt-daemon-driver-storage-scsi-5.1.0-8.16.1 libvirt-daemon-hooks-5.1.0-8.16.1 libvirt-daemon-lxc-5.1.0-8.16.1 libvirt-daemon-qemu-5.1.0-8.16.1 libvirt-daemon-xen-5.1.0-8.16.1 libvirt-devel-5.1.0-8.16.1 libvirt-devel-32bit-5.1.0-8.16.1 libvirt-devel-64bit-5.1.0-8.16.1 libvirt-doc-5.1.0-8.16.1 libvirt-lock-sanlock-5.1.0-8.16.1 libvirt-nss-5.1.0-8.16.1 wireshark-plugin-libvirt-5.1.0-8.16.1 libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-Azure libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-Azure libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-Azure-BYOS libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-Azure-BYOS libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-EC2-HVM libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-EC2-HVM libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-EC2-HVM-BYOS libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-EC2-HVM-BYOS libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-GCE libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-GCE libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-GCE-BYOS libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-GCE-BYOS libvirt-client-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-OCI-BYOS libvirt-libs-5.1.0-8.16.1 as a component of Image SLES15-SP1-SAP-OCI-BYOS libvirt-libs-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libvirt-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-admin-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-bash-completion-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-client-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-config-network-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-config-nwfilter-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-interface-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-libxl-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-lxc-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-network-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-nodedev-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-nwfilter-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-qemu-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-secret-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-core-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-disk-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-iscsi-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-logical-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-mpath-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-rbd-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-driver-storage-scsi-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-hooks-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-lxc-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-qemu-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-daemon-xen-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-devel-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-doc-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-lock-sanlock-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 libvirt-nss-5.1.0-8.16.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. CVE-2020-10703 Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM-BYOS:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE-BYOS:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-OCI-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-OCI-BYOS:libvirt-libs-5.1.0-8.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libvirt-libs-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-admin-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-bash-completion-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-client-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-config-network-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-config-nwfilter-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-interface-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-libxl-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-lxc-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-network-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-nodedev-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-nwfilter-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-qemu-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-secret-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-core-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-disk-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-iscsi-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-logical-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-mpath-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-rbd-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-scsi-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-hooks-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-lxc-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-qemu-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-xen-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-devel-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-doc-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-lock-sanlock-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-nss-5.1.0-8.16.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201208-1/ https://www.suse.com/security/cve/CVE-2020-10703.html CVE-2020-10703 https://bugzilla.suse.com/1168683 SUSE Bug 1168683 An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. CVE-2020-12430 Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM-BYOS:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-EC2-HVM:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE-BYOS:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-GCE:libvirt-libs-5.1.0-8.16.1 Image SLES15-SP1-SAP-OCI-BYOS:libvirt-client-5.1.0-8.16.1 Image SLES15-SP1-SAP-OCI-BYOS:libvirt-libs-5.1.0-8.16.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libvirt-libs-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-admin-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-bash-completion-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-client-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-config-network-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-config-nwfilter-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-interface-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-libxl-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-lxc-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-network-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-nodedev-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-nwfilter-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-qemu-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-secret-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-core-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-disk-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-iscsi-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-logical-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-mpath-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-rbd-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-driver-storage-scsi-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-hooks-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-lxc-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-qemu-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-daemon-xen-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-devel-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-doc-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-lock-sanlock-5.1.0-8.16.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:libvirt-nss-5.1.0-8.16.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201208-1/ https://www.suse.com/security/cve/CVE-2020-12430.html CVE-2020-12430 https://bugzilla.suse.com/1170765 SUSE Bug 1170765