Bug 1138303 - (CVE-2019-10167) VUL-0: CVE-2019-10167: libvirt: api: disallow virConnectGetDomainCapabilities on read-only connections
(CVE-2019-10167)
VUL-0: CVE-2019-10167: libvirt: api: disallow virConnectGetDomainCapabilities...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: James Fehlig
Security Team bot
https://smash.suse.de/issue/235187/
CVSSv3:SUSE:CVE-2019-10167:7.8:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-06-14 13:42 UTC by Marcus Meissner
Modified: 2019-09-11 22:11 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
CVE-2019-10167.patch (813 bytes, patch)
2019-06-14 13:42 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-06-14 13:42:04 UTC
via libvirt secutrity list, reported by Matthias.

This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 src/libvirt-domain.c | 1 +
Comment 1 Marcus Meissner 2019-06-14 13:42:29 UTC
Created attachment 807635 [details]
CVE-2019-10167.patch

CVE-2019-10167.patch
Comment 2 James Fehlig 2019-06-14 21:53:43 UTC
This bug affects SLE11 SP4, SLE12 SP2/3/4/5, SLE15 GA/SP1, and TW.
Comment 3 Marcus Meissner 2019-06-17 11:50:35 UTC
CRD: 2019-06-20 12:00UTC
Comment 9 James Fehlig 2019-06-18 17:28:12 UTC
Sorry for the confusion. This bug affects libvirt >= 1.2.7, so SLE11 SP4 is not affected as I claimed in #2. We are covered with the existing submissions. I still need to fix TW, but that will have to wait until the embargo lifts.
Comment 15 Swamp Workflow Management 2019-06-20 17:40:15 UTC
This is an autogenerated message for OBS integration:
This bug (1138303) was mentioned in
https://build.opensuse.org/request/show/711170 Factory / libvirt
Comment 16 Swamp Workflow Management 2019-06-21 13:35:54 UTC
SUSE-SU-2019:1599-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138302,1138303
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libvirt-4.0.0-8.15.2
SUSE Linux Enterprise Server 12-SP4 (src):    libvirt-4.0.0-8.15.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    libvirt-4.0.0-8.15.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-06-21 16:13:07 UTC
SUSE-SU-2019:1637-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1136109,1138301,1138302,1138303
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    libvirt-4.0.0-9.27.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    libvirt-4.0.0-9.27.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    libvirt-4.0.0-9.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2019-06-21 16:16:24 UTC
SUSE-SU-2019:1643-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138302,1138303,1138305
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167,CVE-2019-10168
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    libvirt-5.1.0-8.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libvirt-5.1.0-8.6.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    libvirt-5.1.0-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Alexandros Toptsoglou 2019-06-21 16:18:25 UTC
is public now
Comment 20 Swamp Workflow Management 2019-06-24 16:16:23 UTC
SUSE-SU-2019:1686-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138303
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    libvirt-1.2.18.4-22.13.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    libvirt-1.2.18.4-22.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2019-06-30 22:21:24 UTC
openSUSE-SU-2019:1672-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1136109,1138301,1138302,1138303
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167
Sources used:
openSUSE Leap 15.0 (src):    libvirt-4.0.0-lp150.7.18.2
Comment 22 Marcus Meissner 2019-07-01 08:52:51 UTC
released
Comment 24 Swamp Workflow Management 2019-07-20 10:10:43 UTC
openSUSE-SU-2019:1753-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138302,1138303,1138305
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167,CVE-2019-10168
Sources used:
openSUSE Leap 15.1 (src):    libvirt-5.1.0-lp151.7.3.1
Comment 26 Swamp Workflow Management 2019-08-09 16:12:25 UTC
SUSE-SU-2019:2105-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1133719,1138301,1138303
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE OpenStack Cloud 7 (src):    libvirt-2.0.0-27.61.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libvirt-2.0.0-27.61.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libvirt-2.0.0-27.61.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libvirt-2.0.0-27.61.1
SUSE Enterprise Storage 4 (src):    libvirt-2.0.0-27.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2019-08-28 13:17:59 UTC
SUSE-SU-2019:2227-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1133719,1138301,1138303,1138734
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    libvirt-3.3.0-5.40.1
SUSE OpenStack Cloud 8 (src):    libvirt-3.3.0-5.40.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    libvirt-3.3.0-5.40.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libvirt-3.3.0-5.40.1
SUSE Enterprise Storage 5 (src):    libvirt-3.3.0-5.40.1
HPE Helion Openstack 8 (src):    libvirt-3.3.0-5.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2019-09-11 22:11:27 UTC
SUSE-SU-2019:2227-2: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1133719,1138301,1138303,1138734
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libvirt-3.3.0-5.40.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libvirt-3.3.0-5.40.1
SUSE Enterprise Storage 5 (src):    libvirt-3.3.0-5.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.