libvirt-10.9.0-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14490-1 Final 1 1 2024-11-13T00:00:00Z current 2024-11-13T00:00:00Z 2024-11-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libvirt-10.9.0-3.1 on GA media These are all security issues fixed in the libvirt-10.9.0-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14490 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UEZKWHJBBGGKIPJ6SR2VA5UMFQO2PBNJ/ E-Mail link for openSUSE-SU-2024:14490-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-12430/ SUSE CVE CVE-2020-12430 page https://www.suse.com/security/cve/CVE-2023-2700/ SUSE CVE CVE-2023-2700 page openSUSE Tumbleweed libvirt-10.9.0-3.1 libvirt-client-10.9.0-3.1 libvirt-client-qemu-10.9.0-3.1 libvirt-daemon-10.9.0-3.1 libvirt-daemon-common-10.9.0-3.1 libvirt-daemon-config-network-10.9.0-3.1 libvirt-daemon-config-nwfilter-10.9.0-3.1 libvirt-daemon-driver-libxl-10.9.0-3.1 libvirt-daemon-driver-lxc-10.9.0-3.1 libvirt-daemon-driver-network-10.9.0-3.1 libvirt-daemon-driver-nodedev-10.9.0-3.1 libvirt-daemon-driver-nwfilter-10.9.0-3.1 libvirt-daemon-driver-qemu-10.9.0-3.1 libvirt-daemon-driver-secret-10.9.0-3.1 libvirt-daemon-driver-storage-10.9.0-3.1 libvirt-daemon-driver-storage-core-10.9.0-3.1 libvirt-daemon-driver-storage-disk-10.9.0-3.1 libvirt-daemon-driver-storage-gluster-10.9.0-3.1 libvirt-daemon-driver-storage-iscsi-10.9.0-3.1 libvirt-daemon-driver-storage-iscsi-direct-10.9.0-3.1 libvirt-daemon-driver-storage-logical-10.9.0-3.1 libvirt-daemon-driver-storage-mpath-10.9.0-3.1 libvirt-daemon-driver-storage-rbd-10.9.0-3.1 libvirt-daemon-driver-storage-scsi-10.9.0-3.1 libvirt-daemon-hooks-10.9.0-3.1 libvirt-daemon-lock-10.9.0-3.1 libvirt-daemon-log-10.9.0-3.1 libvirt-daemon-lxc-10.9.0-3.1 libvirt-daemon-plugin-lockd-10.9.0-3.1 libvirt-daemon-plugin-sanlock-10.9.0-3.1 libvirt-daemon-proxy-10.9.0-3.1 libvirt-daemon-qemu-10.9.0-3.1 libvirt-daemon-xen-10.9.0-3.1 libvirt-devel-10.9.0-3.1 libvirt-doc-10.9.0-3.1 libvirt-libs-10.9.0-3.1 libvirt-nss-10.9.0-3.1 libvirt-ssh-proxy-10.9.0-3.1 wireshark-plugin-libvirt-10.9.0-3.1 libvirt-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-client-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-client-qemu-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-common-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-config-network-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-config-nwfilter-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-libxl-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-lxc-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-network-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-nodedev-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-nwfilter-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-qemu-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-secret-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-core-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-disk-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-gluster-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-iscsi-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-iscsi-direct-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-logical-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-mpath-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-rbd-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-driver-storage-scsi-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-hooks-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-lock-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-log-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-lxc-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-plugin-lockd-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-plugin-sanlock-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-proxy-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-qemu-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-daemon-xen-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-devel-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-doc-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-libs-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-nss-10.9.0-3.1 as a component of openSUSE Tumbleweed libvirt-ssh-proxy-10.9.0-3.1 as a component of openSUSE Tumbleweed wireshark-plugin-libvirt-10.9.0-3.1 as a component of openSUSE Tumbleweed An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. CVE-2020-12430 openSUSE Tumbleweed:libvirt-10.9.0-3.1 openSUSE Tumbleweed:libvirt-client-10.9.0-3.1 openSUSE Tumbleweed:libvirt-client-qemu-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-common-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-config-network-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-core-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-disk-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-gluster-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-iscsi-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-iscsi-direct-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-logical-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-mpath-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-rbd-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-scsi-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-hooks-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-lock-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-log-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-lxc-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-plugin-lockd-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-plugin-sanlock-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-proxy-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-qemu-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-xen-10.9.0-3.1 openSUSE Tumbleweed:libvirt-devel-10.9.0-3.1 openSUSE Tumbleweed:libvirt-doc-10.9.0-3.1 openSUSE Tumbleweed:libvirt-libs-10.9.0-3.1 openSUSE Tumbleweed:libvirt-nss-10.9.0-3.1 openSUSE Tumbleweed:libvirt-ssh-proxy-10.9.0-3.1 openSUSE Tumbleweed:wireshark-plugin-libvirt-10.9.0-3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UEZKWHJBBGGKIPJ6SR2VA5UMFQO2PBNJ/ https://www.suse.com/security/cve/CVE-2020-12430.html CVE-2020-12430 https://bugzilla.suse.com/1170765 SUSE Bug 1170765 A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. CVE-2023-2700 openSUSE Tumbleweed:libvirt-10.9.0-3.1 openSUSE Tumbleweed:libvirt-client-10.9.0-3.1 openSUSE Tumbleweed:libvirt-client-qemu-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-common-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-config-network-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-config-nwfilter-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-libxl-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-lxc-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-network-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-nodedev-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-nwfilter-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-qemu-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-secret-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-core-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-disk-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-gluster-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-iscsi-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-iscsi-direct-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-logical-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-mpath-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-rbd-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-driver-storage-scsi-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-hooks-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-lock-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-log-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-lxc-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-plugin-lockd-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-plugin-sanlock-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-proxy-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-qemu-10.9.0-3.1 openSUSE Tumbleweed:libvirt-daemon-xen-10.9.0-3.1 openSUSE Tumbleweed:libvirt-devel-10.9.0-3.1 openSUSE Tumbleweed:libvirt-doc-10.9.0-3.1 openSUSE Tumbleweed:libvirt-libs-10.9.0-3.1 openSUSE Tumbleweed:libvirt-nss-10.9.0-3.1 openSUSE Tumbleweed:libvirt-ssh-proxy-10.9.0-3.1 openSUSE Tumbleweed:wireshark-plugin-libvirt-10.9.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UEZKWHJBBGGKIPJ6SR2VA5UMFQO2PBNJ/ https://www.suse.com/security/cve/CVE-2023-2700.html CVE-2023-2700 https://bugzilla.suse.com/1211390 SUSE Bug 1211390