Debian LTS: DLA-1832-1: libvirt security update

    Date: 24 Jun 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    Package        : libvirt
    Version        : 1.2.9-9+deb8u7
    CVE IDs        : CVE-2019-10161 CVE-2019-10167
    
    Two vulnerabilities were discovered in libvirt, an abstraction API
    for different underlying virtualisation mechanisms provided by the
    kernel, etc.
    
    * CVE-2019-10161: Prevent a vulnerability where readonly clients
      could use the API to specify an arbitrary path which would be
      accessed with the permissions of the libvirtd process. An attacker
      with access to the libvirtd socket could use this to probe the
      existence of arbitrary files, cause a denial of service or
      otherwise cause libvirtd to execute arbitrary programs.
    
    * CVE-2019-10167: Prevent an arbitrary code execution vulnerability
      via the API where a user-specified binary is used to probe the
      domain's capabilities.  Read-only clients could specify an
      arbitrary path for this argument, causing libvirtd to execute a
      crafted executable with its own privileges.
    
    For Debian 8 "Jessie", these issues have been fixed in libvirt
    version 1.2.9-9+deb8u7.
    
    We recommend that you upgrade your libvirt packages.
    
    
    Regards,
    
    -- 
          ,''`.
         : :'  :     Chris Lamb
         `. `'`      chris-lamb.co.uk
           `-
    
    