SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1503-1 Rating: important References: #772586 #773621 #773626 #780432 Cross-References: CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: libvirt received security and bugfixes: * CVE-2012-4423: Fixed a libvirt remote denial of service (crash) problem. The following bugs have been fixed: * qemu: Fix probing for guest capabilities * xen-xm: Generate UUID if not specified * xenParseXM: don't dereference NULL pointer when script is empty Security Issue references: * CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539
* CVE-2012-3497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497
* CVE-2012-4411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411
* CVE-2012-4535 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535
* CVE-2012-4537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537
* CVE-2012-4536 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536
* CVE-2012-4538 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538
* CVE-2012-4539 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539
* CVE-2012-4544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libvirt-201211-7015 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libvirt-201211-7015 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libvirt-201211-7015 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): libvirt-devel-0.9.6-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): libvirt-devel-32bit-0.9.6-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): libvirt-0.9.6-0.23.1 libvirt-client-0.9.6-0.23.1 libvirt-doc-0.9.6-0.23.1 libvirt-python-0.9.6-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): libvirt-client-32bit-0.9.6-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libvirt-0.9.6-0.23.1 libvirt-client-0.9.6-0.23.1 libvirt-doc-0.9.6-0.23.1 libvirt-python-0.9.6-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libvirt-client-32bit-0.9.6-0.23.1 References: http://support.novell.com/security/cve/CVE-2012-3497.html http://support.novell.com/security/cve/CVE-2012-4411.html http://support.novell.com/security/cve/CVE-2012-4535.html http://support.novell.com/security/cve/CVE-2012-4536.html http://support.novell.com/security/cve/CVE-2012-4537.html http://support.novell.com/security/cve/CVE-2012-4538.html http://support.novell.com/security/cve/CVE-2012-4539.html http://support.novell.com/security/cve/CVE-2012-4544.html https://bugzilla.novell.com/772586 https://bugzilla.novell.com/773621 https://bugzilla.novell.com/773626 https://bugzilla.novell.com/780432 http://download.novell.com/patch/finder/?keywords=6c77cedf2e828c0cfa0f10bbd2... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org