{"affected":[{"ecosystem_specific":{"binaries":[{"libvirt":"1.2.5-27.10.1","libvirt-client":"1.2.5-27.10.1","libvirt-client-32bit":"1.2.5-27.10.1","libvirt-daemon":"1.2.5-27.10.1","libvirt-daemon-config-network":"1.2.5-27.10.1","libvirt-daemon-config-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-interface":"1.2.5-27.10.1","libvirt-daemon-driver-libxl":"1.2.5-27.10.1","libvirt-daemon-driver-lxc":"1.2.5-27.10.1","libvirt-daemon-driver-network":"1.2.5-27.10.1","libvirt-daemon-driver-nodedev":"1.2.5-27.10.1","libvirt-daemon-driver-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-qemu":"1.2.5-27.10.1","libvirt-daemon-driver-secret":"1.2.5-27.10.1","libvirt-daemon-driver-storage":"1.2.5-27.10.1","libvirt-daemon-lxc":"1.2.5-27.10.1","libvirt-daemon-qemu":"1.2.5-27.10.1","libvirt-daemon-xen":"1.2.5-27.10.1","libvirt-doc":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt-client-32bit":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"1.2.5-27.10.1","libvirt-client":"1.2.5-27.10.1","libvirt-daemon":"1.2.5-27.10.1","libvirt-daemon-config-network":"1.2.5-27.10.1","libvirt-daemon-config-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-interface":"1.2.5-27.10.1","libvirt-daemon-driver-libxl":"1.2.5-27.10.1","libvirt-daemon-driver-lxc":"1.2.5-27.10.1","libvirt-daemon-driver-network":"1.2.5-27.10.1","libvirt-daemon-driver-nodedev":"1.2.5-27.10.1","libvirt-daemon-driver-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-qemu":"1.2.5-27.10.1","libvirt-daemon-driver-secret":"1.2.5-27.10.1","libvirt-daemon-driver-storage":"1.2.5-27.10.1","libvirt-daemon-lxc":"1.2.5-27.10.1","libvirt-daemon-qemu":"1.2.5-27.10.1","libvirt-daemon-xen":"1.2.5-27.10.1","libvirt-doc":"1.2.5-27.10.1","libvirt-lock-sanlock":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt-devel":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"1.2.5-27.10.1","libvirt-client":"1.2.5-27.10.1","libvirt-daemon":"1.2.5-27.10.1","libvirt-daemon-config-network":"1.2.5-27.10.1","libvirt-daemon-config-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-interface":"1.2.5-27.10.1","libvirt-daemon-driver-libxl":"1.2.5-27.10.1","libvirt-daemon-driver-lxc":"1.2.5-27.10.1","libvirt-daemon-driver-network":"1.2.5-27.10.1","libvirt-daemon-driver-nodedev":"1.2.5-27.10.1","libvirt-daemon-driver-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-qemu":"1.2.5-27.10.1","libvirt-daemon-driver-secret":"1.2.5-27.10.1","libvirt-daemon-driver-storage":"1.2.5-27.10.1","libvirt-daemon-lxc":"1.2.5-27.10.1","libvirt-daemon-qemu":"1.2.5-27.10.1","libvirt-daemon-xen":"1.2.5-27.10.1","libvirt-doc":"1.2.5-27.10.1","libvirt-lock-sanlock":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt-client-32bit":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt":"1.2.5-27.10.1","libvirt-client":"1.2.5-27.10.1","libvirt-daemon":"1.2.5-27.10.1","libvirt-daemon-config-network":"1.2.5-27.10.1","libvirt-daemon-config-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-interface":"1.2.5-27.10.1","libvirt-daemon-driver-libxl":"1.2.5-27.10.1","libvirt-daemon-driver-lxc":"1.2.5-27.10.1","libvirt-daemon-driver-network":"1.2.5-27.10.1","libvirt-daemon-driver-nodedev":"1.2.5-27.10.1","libvirt-daemon-driver-nwfilter":"1.2.5-27.10.1","libvirt-daemon-driver-qemu":"1.2.5-27.10.1","libvirt-daemon-driver-secret":"1.2.5-27.10.1","libvirt-daemon-driver-storage":"1.2.5-27.10.1","libvirt-daemon-lxc":"1.2.5-27.10.1","libvirt-daemon-qemu":"1.2.5-27.10.1","libvirt-daemon-xen":"1.2.5-27.10.1","libvirt-doc":"1.2.5-27.10.1","libvirt-lock-sanlock":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvirt-client-32bit":"1.2.5-27.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12","name":"libvirt","purl":"pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-27.10.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"libvirt was updated to fix one security issue and several non-security issues.\n\nThis security issue was fixed:\n\n- CVE-2015-0236: libvirt allowed remote authenticated users to obtain the VNC\n  password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot\n  to the virDomainSnapshotGetXMLDesc interface or (2) image to the\n  virDomainSaveImageGetXMLDesc interface. (bsc#914693)\n- CVE-2015-5313: path traversal vulnerability allowed libvirtd process to write arbitrary files into file system using root permissions (bsc#953110)\n\nTheses non-security issues were fixed:\n\n- bsc#948686: Use PAUSED state for domains that are starting up.\n- bsc#903757: Provide nodeGetSecurityModel implementation in libxl.\n- bsc#938228: Set disk type to BLOCK when driver is not tap or file.\n- bsc#948516: Fix profile_status to distinguish between errors and unconfined domains.\n- bsc#936524: Fix error starting lxc containers with direct interfaces.\n- bsc#921555: Fixed apparmor generated profile for PCI hostdevs.\n- bsc#899334: Include additional upstream fixes for systemd TerminateMachine.\n- bsc#921586: Fix security driver default settings in /etc/libvirt/qemu.conf.\n- bsc#921355: Fixed a number of QEMU apparmor abstraction problems.\n- bsc#911737: Additional fix for the case where security labels aren't automatically set.\n- bsc#914297: Allow setting the URL of an SMT server to use in place of SCC.\n- bsc#904432: Backported route definition changes.\n","id":"SUSE-SU-2016:0304-1","modified":"2016-02-01T15:46:51Z","published":"2016-02-01T15:46:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160304-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/899334"},{"type":"REPORT","url":"https://bugzilla.suse.com/903757"},{"type":"REPORT","url":"https://bugzilla.suse.com/904432"},{"type":"REPORT","url":"https://bugzilla.suse.com/911737"},{"type":"REPORT","url":"https://bugzilla.suse.com/914297"},{"type":"REPORT","url":"https://bugzilla.suse.com/914693"},{"type":"REPORT","url":"https://bugzilla.suse.com/921355"},{"type":"REPORT","url":"https://bugzilla.suse.com/921555"},{"type":"REPORT","url":"https://bugzilla.suse.com/921586"},{"type":"REPORT","url":"https://bugzilla.suse.com/936524"},{"type":"REPORT","url":"https://bugzilla.suse.com/938228"},{"type":"REPORT","url":"https://bugzilla.suse.com/948516"},{"type":"REPORT","url":"https://bugzilla.suse.com/948686"},{"type":"REPORT","url":"https://bugzilla.suse.com/953110"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0236"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5313"}],"related":["CVE-2015-0236","CVE-2015-5313"],"summary":"Security update for libvirt","upstream":["CVE-2015-0236","CVE-2015-5313"]}