Bug 914693 (CVE-2015-0236) - VUL-0: CVE-2015-0236: libvirt: access control bypass
Summary: VUL-0: CVE-2015-0236: libvirt: access control bypass
Status: RESOLVED FIXED
Alias: CVE-2015-0236
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium, Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/113161/
Whiteboard: CVSSv2:RedHat:CVE-2015-0236:2.9:(AV:A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-26 08:28 UTC by Victor Pereira
Modified: 2016-04-27 19:34 UTC
CC: 5 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Victor Pereira 2015-01-26 08:28:45 UTC
CVE-2015-0236


The two interfaces virDomainSnapshotGetXMLDesc and
virDomainSaveImageGetXMLDesc would accept the VIR_DOMAIN_XML_SECURE flag in
situations where virDomainGetXMLDesc did not, when fine-grained access control
lists (ACL) are in use. As a result, a client can use a snapshot or save image
to bypass restrictions and gain access to the secured information.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0236
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0236.html
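To make the pattern behind this CVE concrete, here is an added toy model (not libvirt's code) in which the snapshot entry point skips the extra ACL check that virDomainGetXMLDesc performs for VIR_DOMAIN_XML_SECURE, next to its corrected form and a regression check that walks every entry point. The permission names follow libvirt's ACL vocabulary (domain:read, domain:read_secure); the sample XML and the function names are constructed for the example.

```python
VIR_DOMAIN_XML_SECURE = 1  # the public API flag value

# Constructed sample XML: the secure form carries a VNC password, the redacted form does not.
SECURE_XML = "<domain><name>vm1</name><graphics type='vnc' passwd='s3cret'/></domain>"
REDACTED_XML = SECURE_XML.replace(" passwd='s3cret'", "")

class PermissionDenied(Exception):
    pass

def check_acl(client_perms, perm):
    """Toy stand-in for the per-API ACL check libvirtd performs (not libvirt's code)."""
    if perm not in client_perms:
        raise PermissionDenied(perm)

def render_xml(flags):
    # Secrets are only included when the caller asked for the SECURE form.
    return SECURE_XML if flags & VIR_DOMAIN_XML_SECURE else REDACTED_XML

def domain_get_xml_desc(client_perms, flags):
    """Model of virDomainGetXMLDesc: SECURE needs domain:read_secure on top of domain:read."""
    check_acl(client_perms, "domain:read")
    if flags & VIR_DOMAIN_XML_SECURE:
        check_acl(client_perms, "domain:read_secure")
    return render_xml(flags)

def snapshot_get_xml_desc_before_fix(client_perms, flags):
    """Model of virDomainSnapshotGetXMLDesc before the fix: only domain:read is
    checked, so SECURE is honoured for any client allowed to read the domain."""
    check_acl(client_perms, "domain:read")
    return render_xml(flags)

def snapshot_get_xml_desc_after_fix(client_perms, flags):
    """After the fix: the same SECURE check as virDomainGetXMLDesc."""
    check_acl(client_perms, "domain:read")
    if flags & VIR_DOMAIN_XML_SECURE:
        check_acl(client_perms, "domain:read_secure")
    return render_xml(flags)

def leaking_entry_points(entry_points, client_perms):
    """Regression check: names of entry points that return secret-bearing XML to a
    client holding domain:read but not domain:read_secure."""
    leaks = []
    for name, fn in entry_points.items():
        try:
            if "passwd=" in fn(client_perms, VIR_DOMAIN_XML_SECURE):
                leaks.append(name)
        except PermissionDenied:
            pass  # denied is the expected outcome for a read-only client
    return leaks
```

Running leaking_entry_points over every XML-returning API with a read-only client is the check that would have caught this bug: a fixed build returns an empty list.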
Comment 1 Swamp Workflow Management 2015-01-26 23:00:15 UTC
bugbot adjusting priority
Comment 2 James Fehlig 2015-01-28 23:40:04 UTC
This bug affects libvirt >= 1.1.0. That means openSUSE 13.{1,2}, Factory, SLE11 SP4 and SLE12 need the fix.

openSUSE13.1: MR#283267
openSUSE13.2: MR#283268
Factory: SR#283072
SLE11 SP4: SR#49586
SLE12: Queued in Devel:Virt:SLE-12 for future maint update?  The current running update is not done IIRC.

Nothing more for me to do, except wait for security-team to decide on SLE12.
Comment 3 Bernhard Wiedemann 2015-01-29 00:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (914693) was mentioned in
https://build.opensuse.org/request/show/283267 13.1 / libvirt
Comment 5 Swamp Workflow Management 2015-02-06 10:05:04 UTC
openSUSE-SU-2015:0225-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 905086,914693
CVE References: CVE-2015-0236
Sources used:
openSUSE 13.2 (src):    libvirt-1.2.9-12.1
openSUSE 13.1 (src):    libvirt-1.1.2-2.48.1
Comment 6 Johannes Segitz 2015-02-12 12:26:17 UTC
Other SLE 12 update was released. Can you please provide the SLE 12 submit? Thanks.
Comment 7 James Fehlig 2015-02-17 18:02:27 UTC
(In reply to Johannes Segitz from comment #6)
> Other SLE 12 update was released. Can you please provide the SLE 12 submit?

https://build.suse.de/request/show/51732
Comment 9 Andreas Stieger 2016-02-01 15:48:05 UTC
Releasing SLE 12 update
Comment 10 Swamp Workflow Management 2016-02-01 19:13:35 UTC
SUSE-SU-2016:0304-1: An update that solves two vulnerabilities and has 12 fixes is now available.

Category: security (moderate)
Bug References: 899334,903757,904432,911737,914297,914693,921355,921555,921586,936524,938228,948516,948686,953110
CVE References: CVE-2015-0236,CVE-2015-5313
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    libvirt-1.2.5-27.10.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libvirt-1.2.5-27.10.1
SUSE Linux Enterprise Server for SAP 12 (src):    libvirt-1.2.5-27.10.1
SUSE Linux Enterprise Server 12 (src):    libvirt-1.2.5-27.10.1
SUSE Linux Enterprise Desktop 12 (src):    libvirt-1.2.5-27.10.1