libvirt-2.5.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10209-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libvirt-2.5.0-1.1 on GA media These are all security issues fixed in the libvirt-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10209 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-2242/ SUSE CVE CVE-2010-2242 page https://www.suse.com/security/cve/CVE-2011-1146/ SUSE CVE CVE-2011-1146 page https://www.suse.com/security/cve/CVE-2011-2511/ SUSE CVE CVE-2011-2511 page https://www.suse.com/security/cve/CVE-2011-4600/ SUSE CVE CVE-2011-4600 page https://www.suse.com/security/cve/CVE-2012-3445/ SUSE CVE CVE-2012-3445 page https://www.suse.com/security/cve/CVE-2013-0170/ SUSE CVE CVE-2013-0170 page https://www.suse.com/security/cve/CVE-2013-1962/ SUSE CVE CVE-2013-1962 page https://www.suse.com/security/cve/CVE-2013-2218/ SUSE CVE CVE-2013-2218 page https://www.suse.com/security/cve/CVE-2013-2230/ SUSE CVE CVE-2013-2230 page https://www.suse.com/security/cve/CVE-2013-4153/ SUSE CVE CVE-2013-4153 page https://www.suse.com/security/cve/CVE-2013-4154/ SUSE CVE CVE-2013-4154 page https://www.suse.com/security/cve/CVE-2013-4239/ SUSE CVE CVE-2013-4239 page https://www.suse.com/security/cve/CVE-2013-4296/ SUSE CVE CVE-2013-4296 page https://www.suse.com/security/cve/CVE-2013-4297/ SUSE CVE CVE-2013-4297 page https://www.suse.com/security/cve/CVE-2013-4311/ SUSE CVE CVE-2013-4311 page https://www.suse.com/security/cve/CVE-2013-4399/ SUSE CVE CVE-2013-4399 page https://www.suse.com/security/cve/CVE-2013-4400/ SUSE CVE CVE-2013-4400 page https://www.suse.com/security/cve/CVE-2013-4401/ SUSE CVE CVE-2013-4401 page https://www.suse.com/security/cve/CVE-2013-6436/ SUSE CVE CVE-2013-6436 page https://www.suse.com/security/cve/CVE-2013-6456/ SUSE CVE CVE-2013-6456 page https://www.suse.com/security/cve/CVE-2013-6457/ SUSE CVE CVE-2013-6457 page https://www.suse.com/security/cve/CVE-2013-6458/ SUSE CVE CVE-2013-6458 page https://www.suse.com/security/cve/CVE-2014-0028/ SUSE CVE CVE-2014-0028 page https://www.suse.com/security/cve/CVE-2014-0179/ SUSE CVE CVE-2014-0179 page https://www.suse.com/security/cve/CVE-2014-1447/ SUSE CVE CVE-2014-1447 page https://www.suse.com/security/cve/CVE-2014-3633/ SUSE CVE CVE-2014-3633 page https://www.suse.com/security/cve/CVE-2014-3657/ SUSE CVE CVE-2014-3657 page https://www.suse.com/security/cve/CVE-2014-7823/ SUSE CVE CVE-2014-7823 page https://www.suse.com/security/cve/CVE-2014-8131/ SUSE CVE CVE-2014-8131 page https://www.suse.com/security/cve/CVE-2015-0236/ SUSE CVE CVE-2015-0236 page https://www.suse.com/security/cve/CVE-2015-5247/ SUSE CVE CVE-2015-5247 page https://www.suse.com/security/cve/CVE-2015-5313/ SUSE CVE CVE-2015-5313 page openSUSE Tumbleweed libvirt-2.5.0-1.1 libvirt-admin-2.5.0-1.1 libvirt-client-2.5.0-1.1 libvirt-daemon-2.5.0-1.1 libvirt-daemon-config-network-2.5.0-1.1 libvirt-daemon-config-nwfilter-2.5.0-1.1 libvirt-daemon-driver-interface-2.5.0-1.1 libvirt-daemon-driver-libxl-2.5.0-1.1 libvirt-daemon-driver-lxc-2.5.0-1.1 libvirt-daemon-driver-network-2.5.0-1.1 libvirt-daemon-driver-nodedev-2.5.0-1.1 libvirt-daemon-driver-nwfilter-2.5.0-1.1 libvirt-daemon-driver-qemu-2.5.0-1.1 libvirt-daemon-driver-secret-2.5.0-1.1 libvirt-daemon-driver-storage-2.5.0-1.1 libvirt-daemon-driver-uml-2.5.0-1.1 libvirt-daemon-driver-vbox-2.5.0-1.1 libvirt-daemon-lxc-2.5.0-1.1 libvirt-daemon-qemu-2.5.0-1.1 libvirt-daemon-uml-2.5.0-1.1 libvirt-daemon-vbox-2.5.0-1.1 libvirt-daemon-xen-2.5.0-1.1 libvirt-devel-2.5.0-1.1 libvirt-devel-32bit-2.5.0-1.1 libvirt-doc-2.5.0-1.1 libvirt-libs-2.5.0-1.1 libvirt-lock-sanlock-2.5.0-1.1 libvirt-nss-2.5.0-1.1 libvirt-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-admin-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-client-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-config-network-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-config-nwfilter-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-interface-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-libxl-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-lxc-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-network-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-nodedev-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-nwfilter-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-qemu-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-secret-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-uml-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-vbox-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-lxc-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-qemu-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-uml-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-vbox-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-daemon-xen-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-devel-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-devel-32bit-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-doc-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-libs-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-lock-sanlock-2.5.0-1.1 as a component of openSUSE Tumbleweed libvirt-nss-2.5.0-1.1 as a component of openSUSE Tumbleweed Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. CVE-2010-2242 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2242.html CVE-2010-2242 https://bugzilla.suse.com/618155 SUSE Bug 618155 libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. CVE-2011-1146 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1146.html CVE-2011-1146 https://bugzilla.suse.com/678406 SUSE Bug 678406 Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. CVE-2011-2511 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2511.html CVE-2011-2511 https://bugzilla.suse.com/703084 SUSE Bug 703084 The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. CVE-2011-4600 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4600.html CVE-2011-4600 https://bugzilla.suse.com/736082 SUSE Bug 736082 The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. CVE-2012-3445 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3445.html CVE-2012-3445 https://bugzilla.suse.com/773955 SUSE Bug 773955 Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. CVE-2013-0170 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0170.html CVE-2013-0170 https://bugzilla.suse.com/800976 SUSE Bug 800976 The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool." CVE-2013-1962 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1962.html CVE-2013-1962 https://bugzilla.suse.com/820397 SUSE Bug 820397 Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command. CVE-2013-2218 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5.4 AV:L/AC:M/Au:N/C:N/I:P/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2218.html CVE-2013-2218 https://bugzilla.suse.com/827741 SUSE Bug 827741 The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." CVE-2013-2230 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2230.html CVE-2013-2230 https://bugzilla.suse.com/827801 SUSE Bug 827801 Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. CVE-2013-4153 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4153.html CVE-2013-4153 https://bugzilla.suse.com/830497 SUSE Bug 830497 https://bugzilla.suse.com/830498 SUSE Bug 830498 The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command. CVE-2013-4154 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4154.html CVE-2013-4154 https://bugzilla.suse.com/830498 SUSE Bug 830498 The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. CVE-2013-4239 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4239.html CVE-2013-4239 https://bugzilla.suse.com/834598 SUSE Bug 834598 The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. CVE-2013-4296 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4296.html CVE-2013-4296 https://bugzilla.suse.com/836931 SUSE Bug 836931 https://bugzilla.suse.com/838638 SUSE Bug 838638 The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. CVE-2013-4297 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4297.html CVE-2013-4297 https://bugzilla.suse.com/838642 SUSE Bug 838642 libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. CVE-2013-4311 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4311.html CVE-2013-4311 https://bugzilla.suse.com/836931 SUSE Bug 836931 https://bugzilla.suse.com/838638 SUSE Bug 838638 https://bugzilla.suse.com/864716 SUSE Bug 864716 The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. CVE-2013-4399 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4399.html CVE-2013-4399 https://bugzilla.suse.com/842300 SUSE Bug 842300 https://bugzilla.suse.com/844052 SUSE Bug 844052 virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. CVE-2013-4400 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4400.html CVE-2013-4400 https://bugzilla.suse.com/837609 SUSE Bug 837609 The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. CVE-2013-4401 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4401.html CVE-2013-4401 https://bugzilla.suse.com/845704 SUSE Bug 845704 The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. CVE-2013-6436 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6436.html CVE-2013-6436 https://bugzilla.suse.com/854486 SUSE Bug 854486 The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. CVE-2013-6456 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5.8 AV:A/AC:M/Au:S/C:N/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6456.html CVE-2013-6456 https://bugzilla.suse.com/857490 SUSE Bug 857490 https://bugzilla.suse.com/868943 SUSE Bug 868943 The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. CVE-2013-6457 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5.2 AV:A/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6457.html CVE-2013-6457 https://bugzilla.suse.com/858824 SUSE Bug 858824 Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. CVE-2013-6458 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 6.8 AV:A/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6458.html CVE-2013-6458 https://bugzilla.suse.com/857492 SUSE Bug 857492 libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. CVE-2014-0028 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4.3 AV:A/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0028.html CVE-2014-0028 https://bugzilla.suse.com/859051 SUSE Bug 859051 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. CVE-2014-0179 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0179.html CVE-2014-0179 https://bugzilla.suse.com/873705 SUSE Bug 873705 Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. CVE-2014-1447 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1447.html CVE-2014-1447 https://bugzilla.suse.com/858817 SUSE Bug 858817 The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. CVE-2014-3633 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3633.html CVE-2014-3633 https://bugzilla.suse.com/897783 SUSE Bug 897783 The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. CVE-2014-3657 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3657.html CVE-2014-3657 https://bugzilla.suse.com/897783 SUSE Bug 897783 https://bugzilla.suse.com/899484 SUSE Bug 899484 The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. CVE-2014-7823 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-7823.html CVE-2014-7823 https://bugzilla.suse.com/904176 SUSE Bug 904176 The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. CVE-2014-8131 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8131.html CVE-2014-8131 https://bugzilla.suse.com/909274 SUSE Bug 909274 libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. CVE-2015-0236 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 low 4 AV:L/AC:L/Au:M/C:P/I:P/A:P 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0236.html CVE-2015-0236 https://bugzilla.suse.com/914693 SUSE Bug 914693 The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. CVE-2015-5247 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5247.html CVE-2015-5247 https://bugzilla.suse.com/945645 SUSE Bug 945645 Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. CVE-2015-5313 openSUSE Tumbleweed:libvirt-2.5.0-1.1 openSUSE Tumbleweed:libvirt-admin-2.5.0-1.1 openSUSE Tumbleweed:libvirt-client-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-interface-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-driver-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-lxc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-qemu-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-uml-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-vbox-2.5.0-1.1 openSUSE Tumbleweed:libvirt-daemon-xen-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-2.5.0-1.1 openSUSE Tumbleweed:libvirt-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libvirt-doc-2.5.0-1.1 openSUSE Tumbleweed:libvirt-libs-2.5.0-1.1 openSUSE Tumbleweed:libvirt-lock-sanlock-2.5.0-1.1 openSUSE Tumbleweed:libvirt-nss-2.5.0-1.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5313.html CVE-2015-5313 https://bugzilla.suse.com/953110 SUSE Bug 953110