The following updates have been released for openSUSE:

openSUSE-SU-2019:1290-1: important: Security update for libssh2_org
openSUSE-SU-2019:1291-1: important: Security update for libssh2_org
openSUSE-SU-2019:1292-1: moderate: Security update for samba
openSUSE-SU-2019:1293-1: moderate: Security update for php7
openSUSE-SU-2019:1294-1: moderate: Security update for libvirt



openSUSE-SU-2019:1290-1: important: Security update for libssh2_org

openSUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1290-1
Rating: important
References: #1130103 #1133528
Cross-References: CVE-2019-3859
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for libssh2_org fixes the following issues:

- Incorrect upstream fix for CVE-2019-3859 broke public key
authentication [bsc#1133528, bsc#1130103]


This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1290=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libssh2-1-1.4.3-19.6.1
libssh2-1-debuginfo-1.4.3-19.6.1
libssh2-devel-1.4.3-19.6.1
libssh2_org-debugsource-1.4.3-19.6.1

- openSUSE Leap 42.3 (x86_64):

libssh2-1-32bit-1.4.3-19.6.1
libssh2-1-debuginfo-32bit-1.4.3-19.6.1


References:

https://www.suse.com/security/cve/CVE-2019-3859.html
https://bugzilla.suse.com/1130103
https://bugzilla.suse.com/1133528

--


openSUSE-SU-2019:1291-1: important: Security update for libssh2_org

openSUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1291-1
Rating: important
References: #1130103 #1133528
Cross-References: CVE-2019-3859
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for libssh2_org fixes the following issues:

- Incorrect upstream fix for CVE-2019-3859 broke public key
authentication [bsc#1133528, bsc#1130103]


This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1291=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libssh2-1-1.8.0-lp150.3.6.1
libssh2-1-debuginfo-1.8.0-lp150.3.6.1
libssh2-devel-1.8.0-lp150.3.6.1
libssh2_org-debugsource-1.8.0-lp150.3.6.1

- openSUSE Leap 15.0 (x86_64):

libssh2-1-32bit-1.8.0-lp150.3.6.1
libssh2-1-32bit-debuginfo-1.8.0-lp150.3.6.1


References:

https://www.suse.com/security/cve/CVE-2019-3859.html
https://bugzilla.suse.com/1130103
https://bugzilla.suse.com/1133528

--


openSUSE-SU-2019:1292-1: moderate: Security update for samba

openSUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1292-1
Rating: moderate
References: #1099590 #1123755 #1124223 #1127153 #1131060

Cross-References: CVE-2019-3880
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has four fixes
is now available.

Description:

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which
allowed an unprivileged user to save registry files outside a share
(bsc#1131060).

Non-security issues fixed:

- Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153).
- Abide by load_printers smb.conf parameter (bsc#1124223).
- s3:winbindd: let normalize_name_map() call
find_domain_from_name_noinit() (bsc#1123755).
- s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590).
- s3:winbind: Fix regression (bsc#1123755).

This update was imported from the SUSE:SLE-12-SP3:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1292=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ctdb-4.6.16+git.154.2998451b912-27.1
ctdb-debuginfo-4.6.16+git.154.2998451b912-27.1
ctdb-tests-4.6.16+git.154.2998451b912-27.1
ctdb-tests-debuginfo-4.6.16+git.154.2998451b912-27.1
libdcerpc-binding0-4.6.16+git.154.2998451b912-27.1
libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-27.1
libdcerpc-devel-4.6.16+git.154.2998451b912-27.1
libdcerpc-samr-devel-4.6.16+git.154.2998451b912-27.1
libdcerpc-samr0-4.6.16+git.154.2998451b912-27.1
libdcerpc-samr0-debuginfo-4.6.16+git.154.2998451b912-27.1
libdcerpc0-4.6.16+git.154.2998451b912-27.1
libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-27.1
libndr-devel-4.6.16+git.154.2998451b912-27.1
libndr-krb5pac-devel-4.6.16+git.154.2998451b912-27.1
libndr-krb5pac0-4.6.16+git.154.2998451b912-27.1
libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-27.1
libndr-nbt-devel-4.6.16+git.154.2998451b912-27.1
libndr-nbt0-4.6.16+git.154.2998451b912-27.1
libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-27.1
libndr-standard-devel-4.6.16+git.154.2998451b912-27.1
libndr-standard0-4.6.16+git.154.2998451b912-27.1
libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-27.1
libndr0-4.6.16+git.154.2998451b912-27.1
libndr0-debuginfo-4.6.16+git.154.2998451b912-27.1
libnetapi-devel-4.6.16+git.154.2998451b912-27.1
libnetapi0-4.6.16+git.154.2998451b912-27.1
libnetapi0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamba-credentials-devel-4.6.16+git.154.2998451b912-27.1
libsamba-credentials0-4.6.16+git.154.2998451b912-27.1
libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamba-errors-devel-4.6.16+git.154.2998451b912-27.1
libsamba-errors0-4.6.16+git.154.2998451b912-27.1
libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamba-hostconfig-devel-4.6.16+git.154.2998451b912-27.1
libsamba-hostconfig0-4.6.16+git.154.2998451b912-27.1
libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamba-passdb-devel-4.6.16+git.154.2998451b912-27.1
libsamba-passdb0-4.6.16+git.154.2998451b912-27.1
libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamba-policy-devel-4.6.16+git.154.2998451b912-27.1
libsamba-policy0-4.6.16+git.154.2998451b912-27.1
libsamba-policy0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamba-util-devel-4.6.16+git.154.2998451b912-27.1
libsamba-util0-4.6.16+git.154.2998451b912-27.1
libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsamdb-devel-4.6.16+git.154.2998451b912-27.1
libsamdb0-4.6.16+git.154.2998451b912-27.1
libsamdb0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsmbclient-devel-4.6.16+git.154.2998451b912-27.1
libsmbclient0-4.6.16+git.154.2998451b912-27.1
libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsmbconf-devel-4.6.16+git.154.2998451b912-27.1
libsmbconf0-4.6.16+git.154.2998451b912-27.1
libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-27.1
libsmbldap-devel-4.6.16+git.154.2998451b912-27.1
libsmbldap0-4.6.16+git.154.2998451b912-27.1
libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-27.1
libtevent-util-devel-4.6.16+git.154.2998451b912-27.1
libtevent-util0-4.6.16+git.154.2998451b912-27.1
libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-27.1
libwbclient-devel-4.6.16+git.154.2998451b912-27.1
libwbclient0-4.6.16+git.154.2998451b912-27.1
libwbclient0-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-4.6.16+git.154.2998451b912-27.1
samba-client-4.6.16+git.154.2998451b912-27.1
samba-client-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-core-devel-4.6.16+git.154.2998451b912-27.1
samba-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-debugsource-4.6.16+git.154.2998451b912-27.1
samba-libs-4.6.16+git.154.2998451b912-27.1
samba-libs-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-pidl-4.6.16+git.154.2998451b912-27.1
samba-python-4.6.16+git.154.2998451b912-27.1
samba-python-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-test-4.6.16+git.154.2998451b912-27.1
samba-test-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-winbind-4.6.16+git.154.2998451b912-27.1
samba-winbind-debuginfo-4.6.16+git.154.2998451b912-27.1

- openSUSE Leap 42.3 (x86_64):

libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-27.1
libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libdcerpc-samr0-32bit-4.6.16+git.154.2998451b912-27.1
libdcerpc-samr0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libdcerpc0-32bit-4.6.16+git.154.2998451b912-27.1
libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-27.1
libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libndr-nbt0-32bit-4.6.16+git.154.2998451b912-27.1
libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libndr-standard0-32bit-4.6.16+git.154.2998451b912-27.1
libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libndr0-32bit-4.6.16+git.154.2998451b912-27.1
libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libnetapi0-32bit-4.6.16+git.154.2998451b912-27.1
libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-errors0-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-policy0-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-policy0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-util0-32bit-4.6.16+git.154.2998451b912-27.1
libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsamdb0-32bit-4.6.16+git.154.2998451b912-27.1
libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsmbclient0-32bit-4.6.16+git.154.2998451b912-27.1
libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsmbconf0-32bit-4.6.16+git.154.2998451b912-27.1
libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libsmbldap0-32bit-4.6.16+git.154.2998451b912-27.1
libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libtevent-util0-32bit-4.6.16+git.154.2998451b912-27.1
libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
libwbclient0-32bit-4.6.16+git.154.2998451b912-27.1
libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
samba-ceph-4.6.16+git.154.2998451b912-27.1
samba-ceph-debuginfo-4.6.16+git.154.2998451b912-27.1
samba-client-32bit-4.6.16+git.154.2998451b912-27.1
samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
samba-libs-32bit-4.6.16+git.154.2998451b912-27.1
samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1
samba-winbind-32bit-4.6.16+git.154.2998451b912-27.1
samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-27.1

- openSUSE Leap 42.3 (noarch):

samba-doc-4.6.16+git.154.2998451b912-27.1


References:

https://www.suse.com/security/cve/CVE-2019-3880.html
https://bugzilla.suse.com/1099590
https://bugzilla.suse.com/1123755
https://bugzilla.suse.com/1124223
https://bugzilla.suse.com/1127153
https://bugzilla.suse.com/1131060

--


openSUSE-SU-2019:1293-1: moderate: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1293-1
Rating: moderate
References: #1126711 #1126713 #1126821 #1126823 #1127122
#1128722 #1128883 #1128886 #1128887 #1128889
#1128892 #1129032
Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021
CVE-2019-9023 CVE-2019-9024 CVE-2019-9637
CVE-2019-9638 CVE-2019-9639 CVE-2019-9640
CVE-2019-9641 CVE-2019-9675
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 11 vulnerabilities and has one errata
is now available.

Description:

This update for php7 fixes the following issues:

Security issues fixed:

- CVE-2019-9637: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128892).
- CVE-2019-9675: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128886).
- CVE-2019-9638: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128889).
- CVE-2019-9639: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128887).
- CVE-2019-9640: Fixed improper implementation of rename function and
multiple invalid memory access in EXIF extension (bsc#1128883).
- CVE-2019-9024: Fixed a vulnerability in the xmlrpc_decode function which
could allow a hostile XMLRPC server to cause a memory read outside the
allocated areas (bsc#1126821).
- CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function
(bsc#1126711).
- CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which
could allow an attacker to read allocated and unallocated memory when
parsing a phar file (bsc#1127122).
- CVE-2019-9021: Fixed a heap-based buffer over-read in PHAR
reading functions which could allow an attacker to read allocated and
unallocated memory when parsing a phar file (bsc#1126713).
- CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in
mbstring regular expression functions (bsc#1126823).
- CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension
and improved insecure implementation of rename function (bsc#1128722).

Other issue addressed:

- Deleted README.default_socket_timeout which is not needed anymore
(bsc#1129032).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1293=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

apache2-mod_php7-7.0.7-58.1
apache2-mod_php7-debuginfo-7.0.7-58.1
php7-7.0.7-58.1
php7-bcmath-7.0.7-58.1
php7-bcmath-debuginfo-7.0.7-58.1
php7-bz2-7.0.7-58.1
php7-bz2-debuginfo-7.0.7-58.1
php7-calendar-7.0.7-58.1
php7-calendar-debuginfo-7.0.7-58.1
php7-ctype-7.0.7-58.1
php7-ctype-debuginfo-7.0.7-58.1
php7-curl-7.0.7-58.1
php7-curl-debuginfo-7.0.7-58.1
php7-dba-7.0.7-58.1
php7-dba-debuginfo-7.0.7-58.1
php7-debuginfo-7.0.7-58.1
php7-debugsource-7.0.7-58.1
php7-devel-7.0.7-58.1
php7-dom-7.0.7-58.1
php7-dom-debuginfo-7.0.7-58.1
php7-enchant-7.0.7-58.1
php7-enchant-debuginfo-7.0.7-58.1
php7-exif-7.0.7-58.1
php7-exif-debuginfo-7.0.7-58.1
php7-fastcgi-7.0.7-58.1
php7-fastcgi-debuginfo-7.0.7-58.1
php7-fileinfo-7.0.7-58.1
php7-fileinfo-debuginfo-7.0.7-58.1
php7-firebird-7.0.7-58.1
php7-firebird-debuginfo-7.0.7-58.1
php7-fpm-7.0.7-58.1
php7-fpm-debuginfo-7.0.7-58.1
php7-ftp-7.0.7-58.1
php7-ftp-debuginfo-7.0.7-58.1
php7-gd-7.0.7-58.1
php7-gd-debuginfo-7.0.7-58.1
php7-gettext-7.0.7-58.1
php7-gettext-debuginfo-7.0.7-58.1
php7-gmp-7.0.7-58.1
php7-gmp-debuginfo-7.0.7-58.1
php7-iconv-7.0.7-58.1
php7-iconv-debuginfo-7.0.7-58.1
php7-imap-7.0.7-58.1
php7-imap-debuginfo-7.0.7-58.1
php7-intl-7.0.7-58.1
php7-intl-debuginfo-7.0.7-58.1
php7-json-7.0.7-58.1
php7-json-debuginfo-7.0.7-58.1
php7-ldap-7.0.7-58.1
php7-ldap-debuginfo-7.0.7-58.1
php7-mbstring-7.0.7-58.1
php7-mbstring-debuginfo-7.0.7-58.1
php7-mcrypt-7.0.7-58.1
php7-mcrypt-debuginfo-7.0.7-58.1
php7-mysql-7.0.7-58.1
php7-mysql-debuginfo-7.0.7-58.1
php7-odbc-7.0.7-58.1
php7-odbc-debuginfo-7.0.7-58.1
php7-opcache-7.0.7-58.1
php7-opcache-debuginfo-7.0.7-58.1
php7-openssl-7.0.7-58.1
php7-openssl-debuginfo-7.0.7-58.1
php7-pcntl-7.0.7-58.1
php7-pcntl-debuginfo-7.0.7-58.1
php7-pdo-7.0.7-58.1
php7-pdo-debuginfo-7.0.7-58.1
php7-pgsql-7.0.7-58.1
php7-pgsql-debuginfo-7.0.7-58.1
php7-phar-7.0.7-58.1
php7-phar-debuginfo-7.0.7-58.1
php7-posix-7.0.7-58.1
php7-posix-debuginfo-7.0.7-58.1
php7-pspell-7.0.7-58.1
php7-pspell-debuginfo-7.0.7-58.1
php7-readline-7.0.7-58.1
php7-readline-debuginfo-7.0.7-58.1
php7-shmop-7.0.7-58.1
php7-shmop-debuginfo-7.0.7-58.1
php7-snmp-7.0.7-58.1
php7-snmp-debuginfo-7.0.7-58.1
php7-soap-7.0.7-58.1
php7-soap-debuginfo-7.0.7-58.1
php7-sockets-7.0.7-58.1
php7-sockets-debuginfo-7.0.7-58.1
php7-sqlite-7.0.7-58.1
php7-sqlite-debuginfo-7.0.7-58.1
php7-sysvmsg-7.0.7-58.1
php7-sysvmsg-debuginfo-7.0.7-58.1
php7-sysvsem-7.0.7-58.1
php7-sysvsem-debuginfo-7.0.7-58.1
php7-sysvshm-7.0.7-58.1
php7-sysvshm-debuginfo-7.0.7-58.1
php7-tidy-7.0.7-58.1
php7-tidy-debuginfo-7.0.7-58.1
php7-tokenizer-7.0.7-58.1
php7-tokenizer-debuginfo-7.0.7-58.1
php7-wddx-7.0.7-58.1
php7-wddx-debuginfo-7.0.7-58.1
php7-xmlreader-7.0.7-58.1
php7-xmlreader-debuginfo-7.0.7-58.1
php7-xmlrpc-7.0.7-58.1
php7-xmlrpc-debuginfo-7.0.7-58.1
php7-xmlwriter-7.0.7-58.1
php7-xmlwriter-debuginfo-7.0.7-58.1
php7-xsl-7.0.7-58.1
php7-xsl-debuginfo-7.0.7-58.1
php7-zip-7.0.7-58.1
php7-zip-debuginfo-7.0.7-58.1
php7-zlib-7.0.7-58.1
php7-zlib-debuginfo-7.0.7-58.1

- openSUSE Leap 42.3 (noarch):

php7-pear-7.0.7-58.1
php7-pear-Archive_Tar-7.0.7-58.1


References:

https://www.suse.com/security/cve/CVE-2018-20783.html
https://www.suse.com/security/cve/CVE-2019-9020.html
https://www.suse.com/security/cve/CVE-2019-9021.html
https://www.suse.com/security/cve/CVE-2019-9023.html
https://www.suse.com/security/cve/CVE-2019-9024.html
https://www.suse.com/security/cve/CVE-2019-9637.html
https://www.suse.com/security/cve/CVE-2019-9638.html
https://www.suse.com/security/cve/CVE-2019-9639.html
https://www.suse.com/security/cve/CVE-2019-9640.html
https://www.suse.com/security/cve/CVE-2019-9641.html
https://www.suse.com/security/cve/CVE-2019-9675.html
https://bugzilla.suse.com/1126711
https://bugzilla.suse.com/1126713
https://bugzilla.suse.com/1126821
https://bugzilla.suse.com/1126823
https://bugzilla.suse.com/1127122
https://bugzilla.suse.com/1128722
https://bugzilla.suse.com/1128883
https://bugzilla.suse.com/1128886
https://bugzilla.suse.com/1128887
https://bugzilla.suse.com/1128889
https://bugzilla.suse.com/1128892
https://bugzilla.suse.com/1129032

--


openSUSE-SU-2019:1294-1: moderate: Security update for libvirt

openSUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1294-1
Rating: moderate
References: #1120813 #1126325 #1127458 #1131595 #1131955

Cross-References: CVE-2019-3840 CVE-2019-3886
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves two vulnerabilities and has three
fixes is now available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in
virJSONValueObjectHasKey function which could have resulted in a remote
denial of service via the guest agent (bsc#1127458).
- CVE-2019-3886: Fixed an information leak which allowed retrieving the
guest hostname in read-only mode (bsc#1131595).

Other issues addressed:

- cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261,
bsc#1131955)
- libxl: save current memory value after successful balloon (bsc#1120813).
- libxl: support Xen's max_grant_frames setting with maxGrantFrames
attribute on the xenbus controller (bsc#1126325).
- conf: add new 'xenbus' controller type

This update was imported from the SUSE:SLE-12-SP3:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1294=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libvirt-3.3.0-24.1
libvirt-admin-3.3.0-24.1
libvirt-admin-debuginfo-3.3.0-24.1
libvirt-client-3.3.0-24.1
libvirt-client-debuginfo-3.3.0-24.1
libvirt-daemon-3.3.0-24.1
libvirt-daemon-config-network-3.3.0-24.1
libvirt-daemon-config-nwfilter-3.3.0-24.1
libvirt-daemon-debuginfo-3.3.0-24.1
libvirt-daemon-driver-interface-3.3.0-24.1
libvirt-daemon-driver-interface-debuginfo-3.3.0-24.1
libvirt-daemon-driver-lxc-3.3.0-24.1
libvirt-daemon-driver-lxc-debuginfo-3.3.0-24.1
libvirt-daemon-driver-network-3.3.0-24.1
libvirt-daemon-driver-network-debuginfo-3.3.0-24.1
libvirt-daemon-driver-nodedev-3.3.0-24.1
libvirt-daemon-driver-nodedev-debuginfo-3.3.0-24.1
libvirt-daemon-driver-nwfilter-3.3.0-24.1
libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-24.1
libvirt-daemon-driver-qemu-3.3.0-24.1
libvirt-daemon-driver-qemu-debuginfo-3.3.0-24.1
libvirt-daemon-driver-secret-3.3.0-24.1
libvirt-daemon-driver-secret-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-3.3.0-24.1
libvirt-daemon-driver-storage-core-3.3.0-24.1
libvirt-daemon-driver-storage-core-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-disk-3.3.0-24.1
libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-iscsi-3.3.0-24.1
libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-logical-3.3.0-24.1
libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-mpath-3.3.0-24.1
libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-scsi-3.3.0-24.1
libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-24.1
libvirt-daemon-driver-uml-3.3.0-24.1
libvirt-daemon-driver-uml-debuginfo-3.3.0-24.1
libvirt-daemon-driver-vbox-3.3.0-24.1
libvirt-daemon-driver-vbox-debuginfo-3.3.0-24.1
libvirt-daemon-hooks-3.3.0-24.1
libvirt-daemon-lxc-3.3.0-24.1
libvirt-daemon-qemu-3.3.0-24.1
libvirt-daemon-uml-3.3.0-24.1
libvirt-daemon-vbox-3.3.0-24.1
libvirt-debugsource-3.3.0-24.1
libvirt-devel-3.3.0-24.1
libvirt-doc-3.3.0-24.1
libvirt-libs-3.3.0-24.1
libvirt-libs-debuginfo-3.3.0-24.1
libvirt-lock-sanlock-3.3.0-24.1
libvirt-lock-sanlock-debuginfo-3.3.0-24.1
libvirt-nss-3.3.0-24.1
libvirt-nss-debuginfo-3.3.0-24.1

- openSUSE Leap 42.3 (x86_64):

libvirt-client-debuginfo-32bit-3.3.0-24.1
libvirt-daemon-driver-libxl-3.3.0-24.1
libvirt-daemon-driver-libxl-debuginfo-3.3.0-24.1
libvirt-daemon-driver-storage-rbd-3.3.0-24.1
libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-24.1
libvirt-daemon-xen-3.3.0-24.1
libvirt-devel-32bit-3.3.0-24.1


References:

https://www.suse.com/security/cve/CVE-2019-3840.html
https://www.suse.com/security/cve/CVE-2019-3886.html
https://bugzilla.suse.com/1120813
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127458
https://bugzilla.suse.com/1131595
https://bugzilla.suse.com/1131955

--