Security update for libvirt

Announcement ID:	SUSE-SU-2015:0241-1
Rating:	moderate
References:	bsc#891936 bsc#899334 bsc#899484 bsc#900587 bsc#902976 bsc#903756 bsc#904176 bsc#904426 bsc#904432 bsc#909828 bsc#910862 bsc#911737
Cross-References:	CVE-2014-3657 CVE-2014-7823 CVE-2014-8136
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Workstation Extension 12

An update that solves three vulnerabilities and has nine security fixes can now be installed.

Description:

libvirt was updated to fix security issues and bugs.

These security issues were fixed: - Fixed denial of service flaw in libvirt's virConnectListAllDomains() function (CVE-2014-3657). - Information leak with flag VIR_DOMAIN_XML_MIGRATABLE (CVE-2014-7823). - local denial of service in qemu driver (CVE-2014-8136)

These non-security issues were fixed: - Get /proc/sys/net/ipv[46] read-write for wicked to work in containers (bsc#904432). - libxl: Several migration improvements (bsc#903756). - libxl: allow libxl to find pygrub binary (bdo#770485). - Fix Qemu AppArmor abstraction (bsc#904426). - AppArmor confined kvm domains couldn't find the apparmor profile template (bnc#902976). - Backport commit c110cdb2 to fix non-raw storage format error (bnc#900587). - qemu: use systemd's TerminateMachine to kill all processes (bsc#899334). - Transformed Errors into warnings in detect_scsi_host_caps. - Fix a missing cleanup for lxc containers. - Adding network configuration to containers. bsc#904432

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-59=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-59=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-59=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-59=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-59=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • libvirt-1.2.5-21.1
  • libvirt-daemon-driver-network-1.2.5-21.1
  • libvirt-debugsource-1.2.5-21.1
  • libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
  • libvirt-daemon-qemu-1.2.5-21.1
  • libvirt-doc-1.2.5-21.1
  • libvirt-daemon-driver-nwfilter-1.2.5-21.1
  • libvirt-daemon-debuginfo-1.2.5-21.1
  • libvirt-daemon-xen-1.2.5-21.1
  • libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
  • libvirt-daemon-config-nwfilter-1.2.5-21.1
  • libvirt-daemon-driver-secret-1.2.5-21.1
  • libvirt-client-32bit-1.2.5-21.1
  • libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
  • libvirt-daemon-config-network-1.2.5-21.1
  • libvirt-daemon-1.2.5-21.1
  • libvirt-daemon-driver-lxc-1.2.5-21.1
  • libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
  • libvirt-client-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
  • libvirt-daemon-lxc-1.2.5-21.1
  • libvirt-client-1.2.5-21.1
  • libvirt-daemon-driver-storage-1.2.5-21.1
  • libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-interface-1.2.5-21.1
  • libvirt-client-debuginfo-32bit-1.2.5-21.1
  • libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-libxl-1.2.5-21.1
  • libvirt-daemon-driver-nodedev-1.2.5-21.1
  • libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-qemu-1.2.5-21.1
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • libvirt-debugsource-1.2.5-21.1
  • libvirt-devel-1.2.5-21.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • libvirt-1.2.5-21.1
  • libvirt-daemon-driver-network-1.2.5-21.1
  • libvirt-debugsource-1.2.5-21.1
  • libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
  • libvirt-daemon-qemu-1.2.5-21.1
  • libvirt-doc-1.2.5-21.1
  • libvirt-daemon-driver-nwfilter-1.2.5-21.1
  • libvirt-daemon-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
  • libvirt-daemon-config-nwfilter-1.2.5-21.1
  • libvirt-daemon-driver-secret-1.2.5-21.1
  • libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
  • libvirt-daemon-config-network-1.2.5-21.1
  • libvirt-daemon-1.2.5-21.1
  • libvirt-daemon-driver-lxc-1.2.5-21.1
  • libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
  • libvirt-lock-sanlock-1.2.5-21.1
  • libvirt-client-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
  • libvirt-daemon-lxc-1.2.5-21.1
  • libvirt-client-1.2.5-21.1
  • libvirt-daemon-driver-storage-1.2.5-21.1
  • libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-interface-1.2.5-21.1
  • libvirt-lock-sanlock-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-nodedev-1.2.5-21.1
  • libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-qemu-1.2.5-21.1
• SUSE Linux Enterprise Server 12 (x86_64)
  • libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-libxl-1.2.5-21.1
  • libvirt-daemon-xen-1.2.5-21.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • libvirt-1.2.5-21.1
  • libvirt-daemon-driver-network-1.2.5-21.1
  • libvirt-debugsource-1.2.5-21.1
  • libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1
  • libvirt-daemon-qemu-1.2.5-21.1
  • libvirt-doc-1.2.5-21.1
  • libvirt-daemon-driver-nwfilter-1.2.5-21.1
  • libvirt-daemon-debuginfo-1.2.5-21.1
  • libvirt-daemon-xen-1.2.5-21.1
  • libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1
  • libvirt-daemon-config-nwfilter-1.2.5-21.1
  • libvirt-daemon-driver-secret-1.2.5-21.1
  • libvirt-daemon-driver-network-debuginfo-1.2.5-21.1
  • libvirt-daemon-config-network-1.2.5-21.1
  • libvirt-daemon-1.2.5-21.1
  • libvirt-daemon-driver-lxc-1.2.5-21.1
  • libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1
  • libvirt-lock-sanlock-1.2.5-21.1
  • libvirt-client-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1
  • libvirt-daemon-lxc-1.2.5-21.1
  • libvirt-client-1.2.5-21.1
  • libvirt-daemon-driver-storage-1.2.5-21.1
  • libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-interface-1.2.5-21.1
  • libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1
  • libvirt-lock-sanlock-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-libxl-1.2.5-21.1
  • libvirt-daemon-driver-nodedev-1.2.5-21.1
  • libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1
  • libvirt-daemon-driver-qemu-1.2.5-21.1
• SUSE Linux Enterprise Workstation Extension 12 (x86_64)
  • libvirt-client-debuginfo-32bit-1.2.5-21.1
  • libvirt-client-32bit-1.2.5-21.1

References:

• https://www.suse.com/security/cve/CVE-2014-3657.html
• https://www.suse.com/security/cve/CVE-2014-7823.html
• https://www.suse.com/security/cve/CVE-2014-8136.html
• https://bugzilla.suse.com/show_bug.cgi?id=891936
• https://bugzilla.suse.com/show_bug.cgi?id=899334
• https://bugzilla.suse.com/show_bug.cgi?id=899484
• https://bugzilla.suse.com/show_bug.cgi?id=900587
• https://bugzilla.suse.com/show_bug.cgi?id=902976
• https://bugzilla.suse.com/show_bug.cgi?id=903756
• https://bugzilla.suse.com/show_bug.cgi?id=904176
• https://bugzilla.suse.com/show_bug.cgi?id=904426
• https://bugzilla.suse.com/show_bug.cgi?id=904432
• https://bugzilla.suse.com/show_bug.cgi?id=909828
• https://bugzilla.suse.com/show_bug.cgi?id=910862
• https://bugzilla.suse.com/show_bug.cgi?id=911737