Bug 1138303 – VUL-0: CVE-2019-10167: libvirt: api: disallow virConnectGetDomainCapabilities on read-only connections

Bug 1138303 - (CVE-2019-10167) VUL-0: CVE-2019-10167: libvirt: api: disallow virConnectGetDomainCapabilities on read-only connections

(CVE-2019-10167)
Summary:	VUL-0: CVE-2019-10167: libvirt: api: disallow virConnectGetDomainCapabilities...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	James Fehlig
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/235187/
Whiteboard:	CVSSv3:SUSE:CVE-2019-10167:7.8:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-06-14 13:42 UTC by Marcus Meissner
Modified:	2019-09-11 22:11 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2019-10167.patch (813 bytes, patch) 2019-06-14 13:42 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2019-06-14 13:42:04 UTC

via libvirt secutrity list, reported by Matthias.

This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 src/libvirt-domain.c | 1 +

Comment 1 Marcus Meissner 2019-06-14 13:42:29 UTC

Created attachment 807635 [details]
CVE-2019-10167.patch

CVE-2019-10167.patch

Comment 2 James Fehlig 2019-06-14 21:53:43 UTC

This bug affects SLE11 SP4, SLE12 SP2/3/4/5, SLE15 GA/SP1, and TW.

Comment 3 Marcus Meissner 2019-06-17 11:50:35 UTC

CRD: 2019-06-20 12:00UTC

Comment 9 James Fehlig 2019-06-18 17:28:12 UTC

Sorry for the confusion. This bug affects libvirt >= 1.2.7, so SLE11 SP4 is not affected as I claimed in #2. We are covered with the existing submissions. I still need to fix TW, but that will have to wait until the embargo lifts.

Comment 15 Swamp Workflow Management 2019-06-20 17:40:15 UTC

This is an autogenerated message for OBS integration:
This bug (1138303) was mentioned in
https://build.opensuse.org/request/show/711170 Factory / libvirt

Comment 16 Swamp Workflow Management 2019-06-21 13:35:54 UTC

SUSE-SU-2019:1599-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138302,1138303
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libvirt-4.0.0-8.15.2
SUSE Linux Enterprise Server 12-SP4 (src):    libvirt-4.0.0-8.15.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    libvirt-4.0.0-8.15.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2019-06-21 16:13:07 UTC

SUSE-SU-2019:1637-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1136109,1138301,1138302,1138303
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    libvirt-4.0.0-9.27.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    libvirt-4.0.0-9.27.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    libvirt-4.0.0-9.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2019-06-21 16:16:24 UTC

SUSE-SU-2019:1643-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138302,1138303,1138305
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167,CVE-2019-10168
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    libvirt-5.1.0-8.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libvirt-5.1.0-8.6.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    libvirt-5.1.0-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Alexandros Toptsoglou 2019-06-21 16:18:25 UTC

is public now

Comment 20 Swamp Workflow Management 2019-06-24 16:16:23 UTC

SUSE-SU-2019:1686-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138303
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    libvirt-1.2.18.4-22.13.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    libvirt-1.2.18.4-22.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2019-06-30 22:21:24 UTC

openSUSE-SU-2019:1672-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1136109,1138301,1138302,1138303
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167
Sources used:
openSUSE Leap 15.0 (src):    libvirt-4.0.0-lp150.7.18.2

Comment 22 Marcus Meissner 2019-07-01 08:52:51 UTC

released

Comment 24 Swamp Workflow Management 2019-07-20 10:10:43 UTC

openSUSE-SU-2019:1753-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1138301,1138302,1138303,1138305
CVE References: CVE-2019-10161,CVE-2019-10166,CVE-2019-10167,CVE-2019-10168
Sources used:
openSUSE Leap 15.1 (src):    libvirt-5.1.0-lp151.7.3.1

Comment 26 Swamp Workflow Management 2019-08-09 16:12:25 UTC

SUSE-SU-2019:2105-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1133719,1138301,1138303
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE OpenStack Cloud 7 (src):    libvirt-2.0.0-27.61.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libvirt-2.0.0-27.61.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libvirt-2.0.0-27.61.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libvirt-2.0.0-27.61.1
SUSE Enterprise Storage 4 (src):    libvirt-2.0.0-27.61.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2019-08-28 13:17:59 UTC

SUSE-SU-2019:2227-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1133719,1138301,1138303,1138734
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    libvirt-3.3.0-5.40.1
SUSE OpenStack Cloud 8 (src):    libvirt-3.3.0-5.40.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    libvirt-3.3.0-5.40.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libvirt-3.3.0-5.40.1
SUSE Enterprise Storage 5 (src):    libvirt-3.3.0-5.40.1
HPE Helion Openstack 8 (src):    libvirt-3.3.0-5.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2019-09-11 22:11:27 UTC

SUSE-SU-2019:2227-2: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1133719,1138301,1138303,1138734
CVE References: CVE-2019-10161,CVE-2019-10167
Sources used:
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libvirt-3.3.0-5.40.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libvirt-3.3.0-5.40.1
SUSE Enterprise Storage 5 (src):    libvirt-3.3.0-5.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.