Security update for libvirt

Announcement ID:	SUSE-SU-2020:1208-1
Rating:	important
References:	bsc#1145774 bsc#1151850 bsc#1152649 bsc#1154093 bsc#1157490 bsc#1161883 bsc#1162160 bsc#1167007 bsc#1168683 bsc#1170765 jsc#SLE-5826
Cross-References:	CVE-2020-10703 CVE-2020-12430
CVSS scores:	CVE-2020-10703 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10703 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12430 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-12430 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP1 Server Applications Module 15-SP1 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves two vulnerabilities, contains one feature and has eight security fixes can now be installed.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683).
CVE-2020-12430: Fixed a memory leak in qemuDomainGetStatsIOThread (bsc#1170765).

Non-security issues fixed:

Support setting credit2 scheduler parameters for xen (bsc#1162160).
Add SLE 15 and SLE 12 service packs support to 'libvirtd' (bsc#1154093).
Add support boot from 'vfio-ccw'and 'mdev' devices (jsc#SLE-5826, FATE#327355, bsc#1152649).
Fix lock manager lock ordering (bsc#1145774).
Do not define known no-op features. (bsc#1151850).
Enable use of newer libxl APIs for retrieving memory statistics (bsc#1157490, bsc#1167007).
Create multipath targets for qemu PR (bsc#1161883).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Basesystem Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1208=1
Server Applications Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1208=1

Package List:

Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- libvirt-libs-5.1.0-8.16.1
- libvirt-libs-debuginfo-5.1.0-8.16.1
- libvirt-debugsource-5.1.0-8.16.1
Server Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- libvirt-admin-5.1.0-8.16.1
- libvirt-daemon-5.1.0-8.16.1
- libvirt-daemon-driver-storage-disk-5.1.0-8.16.1
- libvirt-daemon-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-storage-logical-5.1.0-8.16.1
- libvirt-daemon-driver-qemu-debuginfo-5.1.0-8.16.1
- libvirt-debugsource-5.1.0-8.16.1
- libvirt-daemon-driver-interface-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-lxc-5.1.0-8.16.1
- libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-8.16.1
- libvirt-daemon-qemu-5.1.0-8.16.1
- libvirt-nss-debuginfo-5.1.0-8.16.1
- libvirt-client-debuginfo-5.1.0-8.16.1
- libvirt-devel-5.1.0-8.16.1
- libvirt-daemon-driver-qemu-5.1.0-8.16.1
- libvirt-daemon-driver-storage-core-5.1.0-8.16.1
- libvirt-lock-sanlock-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-secret-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-network-5.1.0-8.16.1
- libvirt-5.1.0-8.16.1
- libvirt-daemon-driver-lxc-debuginfo-5.1.0-8.16.1
- libvirt-nss-5.1.0-8.16.1
- libvirt-daemon-driver-nwfilter-5.1.0-8.16.1
- libvirt-daemon-driver-nodedev-5.1.0-8.16.1
- libvirt-daemon-config-nwfilter-5.1.0-8.16.1
- libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-storage-mpath-5.1.0-8.16.1
- libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-8.16.1
- libvirt-daemon-lxc-5.1.0-8.16.1
- libvirt-daemon-driver-storage-scsi-5.1.0-8.16.1
- libvirt-daemon-driver-secret-5.1.0-8.16.1
- libvirt-daemon-driver-storage-iscsi-5.1.0-8.16.1
- libvirt-daemon-driver-nodedev-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-8.16.1
- libvirt-admin-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-storage-core-debuginfo-5.1.0-8.16.1
- libvirt-client-5.1.0-8.16.1
- libvirt-daemon-driver-interface-5.1.0-8.16.1
- libvirt-lock-sanlock-5.1.0-8.16.1
- libvirt-daemon-driver-network-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-storage-5.1.0-8.16.1
- libvirt-daemon-hooks-5.1.0-8.16.1
- libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-8.16.1
- libvirt-daemon-config-network-5.1.0-8.16.1
Server Applications Module 15-SP1 (noarch)
- libvirt-doc-5.1.0-8.16.1
- libvirt-bash-completion-5.1.0-8.16.1
Server Applications Module 15-SP1 (aarch64 x86_64)
- libvirt-daemon-driver-storage-rbd-5.1.0-8.16.1
- libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-8.16.1
Server Applications Module 15-SP1 (x86_64)
- libvirt-daemon-driver-libxl-debuginfo-5.1.0-8.16.1
- libvirt-daemon-driver-libxl-5.1.0-8.16.1
- libvirt-daemon-xen-5.1.0-8.16.1

Security update for libvirt

Description:

Patch Instructions:

Package List:

References: