|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2019-3886: libvirt: virsh domhostname command discloses guest hostname in readonly mode | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | atoptsoglou, jfehlig, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/228875/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexandros Toptsoglou
2019-04-04 17:08:01 UTC
Two patches [1] [2] that fix the issues are available. After a code review it seems that all our codestreams are affected from SLE-11-SP3 and on. Before SLE11SP3 I failed to locate the vulnerable function. In SLE11-SP3, I am not sure whether [2] can be applied. In libvirt 1.0.5 and 1.2.5 the virDomainGetHostname function is located in the file libvirt.c. In the rest vulnerable versions is located in libvirt-domain.c [1] https://www.redhat.com/archives/libvir-list/2019-April/msg00340.html [2] https://www.redhat.com/archives/libvir-list/2019-April/msg00341.html From what I've read thus far, only libvirt >= 4.8.0 is affected, which means only TW and SLE15 SP1 are affected. I'll verify this later. (In reply to Alexandros Toptsoglou from comment #1) > After a code review it seems that all our codestreams are affected from > SLE-11-SP3 and on. Before SLE11SP3 I failed to locate the vulnerable > function. You are correct. The virDomainGetHostname API was introduced in libvirt 0.10.0 and virDomainGetTime in 1.2.5. I'm not sure why the RH bug and CVE claim 4.8.0 and above. That's nonsense. > In SLE11-SP3, I am not sure whether [2] can be applied. No, it is not needed. Support for fine-grained ACL was added in libvirt 1.1.0. > In libvirt 1.0.5 and 1.2.5 the virDomainGetHostname function is located in > the file libvirt.c. > In the rest vulnerable versions is located in libvirt-domain.c libvirt.c was becoming unwieldy and was split into several libvirt-*.c files. I'll backport the patches, where necessary, to all affected products. Thanks for the analysis! SUSE-SU-2019:0948-1: An update that solves two vulnerabilities and has 6 fixes is now available.
Category: security (moderate)
Bug References: 1081516,1102604,1112182,1120813,1125665,1126325,1127458,1131595
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libvirt-4.0.0-8.9.1
SUSE Linux Enterprise Server 12-SP4 (src): libvirt-4.0.0-8.9.1
SUSE Linux Enterprise Desktop 12-SP4 (src): libvirt-4.0.0-8.9.1
*** NOTE: This information is not intended to be used for external
communication, because this may only be a partial fix.
If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1294-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1120813,1126325,1127458,1131595,1131955 CVE References: CVE-2019-3840,CVE-2019-3886 Sources used: openSUSE Leap 42.3 (src): libvirt-3.3.0-24.1 SUSE-SU-2019:1285-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1131595 CVE References: CVE-2019-3886 Sources used: SUSE Linux Enterprise Module for Server Applications 15 (src): libvirt-4.0.0-9.19.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): libvirt-4.0.0-9.19.4 SUSE Linux Enterprise Module for Basesystem 15 (src): libvirt-4.0.0-9.19.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2019:1042-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1120813,1126325,1127458,1131595,1131955 CVE References: CVE-2019-3840,CVE-2019-3886 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libvirt-3.3.0-5.30.1 SUSE Linux Enterprise Server 12-SP3 (src): libvirt-3.3.0-5.30.1 SUSE Linux Enterprise Desktop 12-SP3 (src): libvirt-3.3.0-5.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2019:1438-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1111331,1131595,1135273 CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091,CVE-2019-3886 Sources used: SUSE OpenStack Cloud 7 (src): libvirt-2.0.0-27.54.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): libvirt-2.0.0-27.54.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): libvirt-2.0.0-27.54.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): libvirt-2.0.0-27.54.1 SUSE Enterprise Storage 4 (src): libvirt-2.0.0-27.54.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2019:14097-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1131595,1138301 CVE References: CVE-2019-10161,CVE-2019-3886 Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): libvirt-1.2.5-23.20.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libvirt-1.2.5-23.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. Done |