Debian LTS: DLA-1832-1 Urgent: Libvirt Service Disruption and Threats

debian lts

June 24, 2019

Two vulnerabilities were discovered in libvirt, an abstraction API for different underlying virtualisation mechanisms provided by the kernel, etc

Topics Covered

security advisory denial of service critical debian arbitrary execution libvirt api threat

Summary

* CVE-2019-10167: Prevent an arbitrary code execution vulnerability
via the API where a user-specified binary used to probe the
domain's capabilities. read-only clients could specify an
arbitrary path for this argument, causing libvirtd to execute a
crafted executable with its own privileges.

For Debian 8 "Jessie", these issues have been fixed in libvirt
version 1.2.9-9+deb8u7.

We recommend that you upgrade your libvirt packages.

Regards,

- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-

Severity

critical

Lowest

Low

Medium

High

Critical

Package: libvirt

Version: 1.2.9-9+deb8u7

Topics Covered

security advisory denial of service critical debian arbitrary execution libvirt api threat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Debian LTS: DLA-1832-1 Urgent: Libvirt Service Disruption and Threats

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Debian LTS: DLA-1832-1 Urgent: Libvirt Service Disruption and Threats

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!