Upstream information

CVE-2013-4311 at MITRE

Description

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 4.64
  Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
  Access Vector: Local
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entries: 836931 [RESOLVED / FIXED], 838638 [RESOLVED / FIXED], 864716 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libvirt >= 1.2.5-13.3
  • libvirt-client >= 1.2.5-13.3
  • libvirt-client-32bit >= 1.2.5-13.3
  • libvirt-daemon >= 1.2.5-13.3
  • libvirt-daemon-config-network >= 1.2.5-13.3
  • libvirt-daemon-config-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-interface >= 1.2.5-13.3
  • libvirt-daemon-driver-libxl >= 1.2.5-13.3
  • libvirt-daemon-driver-lxc >= 1.2.5-13.3
  • libvirt-daemon-driver-network >= 1.2.5-13.3
  • libvirt-daemon-driver-nodedev >= 1.2.5-13.3
  • libvirt-daemon-driver-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-qemu >= 1.2.5-13.3
  • libvirt-daemon-driver-secret >= 1.2.5-13.3
  • libvirt-daemon-driver-storage >= 1.2.5-13.3
  • libvirt-daemon-lxc >= 1.2.5-13.3
  • libvirt-daemon-qemu >= 1.2.5-13.3
  • libvirt-daemon-xen >= 1.2.5-13.3
  • libvirt-doc >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libvirt
SUSE Linux Enterprise Desktop 12 SP1
  • libvirt >= 1.2.18.1-4.22
  • libvirt-client >= 1.2.18.1-4.22
  • libvirt-client-32bit >= 1.2.18.1-4.22
  • libvirt-daemon >= 1.2.18.1-4.22
  • libvirt-daemon-config-network >= 1.2.18.1-4.22
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-interface >= 1.2.18.1-4.22
  • libvirt-daemon-driver-libxl >= 1.2.18.1-4.22
  • libvirt-daemon-driver-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-driver-network >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-driver-secret >= 1.2.18.1-4.22
  • libvirt-daemon-driver-storage >= 1.2.18.1-4.22
  • libvirt-daemon-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-xen >= 1.2.18.1-4.22
  • libvirt-doc >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libvirt
SUSE Linux Enterprise Desktop 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-client-32bit >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-libxl >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-daemon-xen >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libvirt
SUSE Linux Enterprise Server 11 SP4
  • libvirt >= 1.2.5-3.76
  • libvirt-client >= 1.2.5-3.76
  • libvirt-client-32bit >= 1.2.5-3.76
  • libvirt-doc >= 1.2.5-3.76
  • libvirt-lock-sanlock >= 1.2.5-3.76
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libvirt
SUSE Linux Enterprise Server 12
  • libvirt >= 1.2.5-13.3
  • libvirt-client >= 1.2.5-13.3
  • libvirt-daemon >= 1.2.5-13.3
  • libvirt-daemon-config-network >= 1.2.5-13.3
  • libvirt-daemon-config-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-interface >= 1.2.5-13.3
  • libvirt-daemon-driver-libxl >= 1.2.5-13.3
  • libvirt-daemon-driver-lxc >= 1.2.5-13.3
  • libvirt-daemon-driver-network >= 1.2.5-13.3
  • libvirt-daemon-driver-nodedev >= 1.2.5-13.3
  • libvirt-daemon-driver-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-qemu >= 1.2.5-13.3
  • libvirt-daemon-driver-secret >= 1.2.5-13.3
  • libvirt-daemon-driver-storage >= 1.2.5-13.3
  • libvirt-daemon-lxc >= 1.2.5-13.3
  • libvirt-daemon-qemu >= 1.2.5-13.3
  • libvirt-daemon-xen >= 1.2.5-13.3
  • libvirt-doc >= 1.2.5-13.3
  • libvirt-lock-sanlock >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Server 12 GA libvirt
SUSE Linux Enterprise Server 12 SP1
  • libvirt >= 1.2.18.1-4.22
  • libvirt-client >= 1.2.18.1-4.22
  • libvirt-daemon >= 1.2.18.1-4.22
  • libvirt-daemon-config-network >= 1.2.18.1-4.22
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-interface >= 1.2.18.1-4.22
  • libvirt-daemon-driver-libxl >= 1.2.18.1-4.22
  • libvirt-daemon-driver-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-driver-network >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-driver-secret >= 1.2.18.1-4.22
  • libvirt-daemon-driver-storage >= 1.2.18.1-4.22
  • libvirt-daemon-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-xen >= 1.2.18.1-4.22
  • libvirt-doc >= 1.2.18.1-4.22
  • libvirt-lock-sanlock >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libvirt
SUSE Linux Enterprise Server 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-libxl >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-daemon-xen >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
  • libvirt-lock-sanlock >= 2.0.0-26.2
  • libvirt-nss >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libvirt
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
  • libvirt-lock-sanlock >= 2.0.0-26.2
  • libvirt-nss >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libvirt
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libvirt-devel >= 1.2.5-3.76
  • libvirt-devel-32bit >= 1.2.5-3.76
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12
  • libvirt-devel >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libvirt-devel >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libvirt-devel >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel
SUSE Linux Enterprise Workstation Extension 12
  • libvirt-client-32bit >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit
SUSE Linux Enterprise Workstation Extension 12 SP1
  • libvirt-client-32bit >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit
SUSE Linux Enterprise Workstation Extension 12 SP2
  • libvirt-client-32bit >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libvirt-devel >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libvirt-devel >= 1.0.5.6-0.7.1
  • libvirt-devel-32bit >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Desktop 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Desktop 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-client-32bit >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Server 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-lock-sanlock >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Server 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-client-32bit >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-lock-sanlock >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
openSUSE 12.3
  • libvirt >= 1.0.2-1.10.1
  • libvirt-client >= 1.0.2-1.10.1
  • libvirt-client-32bit >= 1.0.2-1.10.1
  • libvirt-client-debuginfo >= 1.0.2-1.10.1
  • libvirt-client-debuginfo-32bit >= 1.0.2-1.10.1
  • libvirt-debuginfo >= 1.0.2-1.10.1
  • libvirt-debugsource >= 1.0.2-1.10.1
  • libvirt-devel >= 1.0.2-1.10.1
  • libvirt-devel-32bit >= 1.0.2-1.10.1
  • libvirt-doc >= 1.0.2-1.10.1
  • libvirt-lock-sanlock >= 1.0.2-1.10.1
  • libvirt-lock-sanlock-debuginfo >= 1.0.2-1.10.1
  • libvirt-python >= 1.0.2-1.10.1
  • libvirt-python-debuginfo >= 1.0.2-1.10.1
Patchnames:
openSUSE-2013-763
openSUSE 13.2
  • libvirt >= 1.2.9-1.3
  • libvirt-client >= 1.2.9-1.3
  • libvirt-daemon >= 1.2.9-1.3
  • libvirt-daemon-config-network >= 1.2.9-1.3
  • libvirt-daemon-config-nwfilter >= 1.2.9-1.3
  • libvirt-daemon-driver-interface >= 1.2.9-1.3
  • libvirt-daemon-driver-libxl >= 1.2.9-1.3
  • libvirt-daemon-driver-lxc >= 1.2.9-1.3
  • libvirt-daemon-driver-network >= 1.2.9-1.3
  • libvirt-daemon-driver-nodedev >= 1.2.9-1.3
  • libvirt-daemon-driver-nwfilter >= 1.2.9-1.3
  • libvirt-daemon-driver-qemu >= 1.2.9-1.3
  • libvirt-daemon-driver-secret >= 1.2.9-1.3
  • libvirt-daemon-driver-storage >= 1.2.9-1.3
  • libvirt-daemon-driver-uml >= 1.2.9-1.3
  • libvirt-daemon-driver-vbox >= 1.2.9-1.3
  • libvirt-daemon-driver-xen >= 1.2.9-1.3
  • libvirt-daemon-qemu >= 1.2.9-1.3
  • libvirt-daemon-xen >= 1.2.9-1.3
Patchnames:
openSUSE 13.2 GA libvirt
openSUSE Leap 42.1
  • libvirt >= 1.2.18.1-3.2
  • libvirt-client >= 1.2.18.1-3.2
  • libvirt-daemon >= 1.2.18.1-3.2
  • libvirt-daemon-config-network >= 1.2.18.1-3.2
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-3.2
  • libvirt-daemon-driver-interface >= 1.2.18.1-3.2
  • libvirt-daemon-driver-libxl >= 1.2.18.1-3.2
  • libvirt-daemon-driver-lxc >= 1.2.18.1-3.2
  • libvirt-daemon-driver-network >= 1.2.18.1-3.2
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-3.2
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-3.2
  • libvirt-daemon-driver-qemu >= 1.2.18.1-3.2
  • libvirt-daemon-driver-secret >= 1.2.18.1-3.2
  • libvirt-daemon-driver-storage >= 1.2.18.1-3.2
  • libvirt-daemon-driver-uml >= 1.2.18.1-3.2
  • libvirt-daemon-driver-vbox >= 1.2.18.1-3.2
  • libvirt-daemon-lxc >= 1.2.18.1-3.2
  • libvirt-daemon-qemu >= 1.2.18.1-3.2
  • libvirt-daemon-xen >= 1.2.18.1-3.2
Patchnames:
openSUSE Leap 42.1 GA libvirt
openSUSE Leap 42.2
  • libvirt >= 2.0.0-9.1
  • libvirt-client >= 2.0.0-9.1
  • libvirt-daemon >= 2.0.0-9.1
  • libvirt-daemon-config-network >= 2.0.0-9.1
  • libvirt-daemon-config-nwfilter >= 2.0.0-9.1
  • libvirt-daemon-driver-interface >= 2.0.0-9.1
  • libvirt-daemon-driver-libxl >= 2.0.0-9.1
  • libvirt-daemon-driver-lxc >= 2.0.0-9.1
  • libvirt-daemon-driver-network >= 2.0.0-9.1
  • libvirt-daemon-driver-nodedev >= 2.0.0-9.1
  • libvirt-daemon-driver-nwfilter >= 2.0.0-9.1
  • libvirt-daemon-driver-qemu >= 2.0.0-9.1
  • libvirt-daemon-driver-secret >= 2.0.0-9.1
  • libvirt-daemon-driver-storage >= 2.0.0-9.1
  • libvirt-daemon-driver-uml >= 2.0.0-9.1
  • libvirt-daemon-driver-vbox >= 2.0.0-9.1
  • libvirt-daemon-lxc >= 2.0.0-9.1
  • libvirt-daemon-qemu >= 2.0.0-9.1
  • libvirt-daemon-xen >= 2.0.0-9.1
Patchnames:
openSUSE Leap 42.2 GA libvirt
openSUSE Tumbleweed
  • libvirt >= 2.5.0-1.1
  • libvirt-admin >= 2.5.0-1.1
  • libvirt-client >= 2.5.0-1.1
  • libvirt-daemon >= 2.5.0-1.1
  • libvirt-daemon-config-network >= 2.5.0-1.1
  • libvirt-daemon-config-nwfilter >= 2.5.0-1.1
  • libvirt-daemon-driver-interface >= 2.5.0-1.1
  • libvirt-daemon-driver-libxl >= 2.5.0-1.1
  • libvirt-daemon-driver-lxc >= 2.5.0-1.1
  • libvirt-daemon-driver-network >= 2.5.0-1.1
  • libvirt-daemon-driver-nodedev >= 2.5.0-1.1
  • libvirt-daemon-driver-nwfilter >= 2.5.0-1.1
  • libvirt-daemon-driver-qemu >= 2.5.0-1.1
  • libvirt-daemon-driver-secret >= 2.5.0-1.1
  • libvirt-daemon-driver-storage >= 2.5.0-1.1
  • libvirt-daemon-driver-uml >= 2.5.0-1.1
  • libvirt-daemon-driver-vbox >= 2.5.0-1.1
  • libvirt-daemon-lxc >= 2.5.0-1.1
  • libvirt-daemon-qemu >= 2.5.0-1.1
  • libvirt-daemon-uml >= 2.5.0-1.1
  • libvirt-daemon-vbox >= 2.5.0-1.1
  • libvirt-daemon-xen >= 2.5.0-1.1
  • libvirt-devel >= 2.5.0-1.1
  • libvirt-devel-32bit >= 2.5.0-1.1
  • libvirt-doc >= 2.5.0-1.1
  • libvirt-libs >= 2.5.0-1.1
  • libvirt-lock-sanlock >= 2.5.0-1.1
  • libvirt-nss >= 2.5.0-1.1
Patchnames:
openSUSE Tumbleweed GA libvirt