openSUSE Update for libvirt openSUSE-SU-2019:1672-1 (libvirt)

The remote host is missing an update for the 'libvirt' package(s) announced via the openSUSE-SU-2019:1672_1 advisory.

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Other issue addressed: - spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1672=1

'libvirt' package(s) on openSUSE Leap 15.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).