SUSE: 2019:1599-1 Important: Libvirt Execution Risks Mitigated
suse
June 21, 2019
An update that fixes three vulnerabilities is now available
Summary
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Topics Covered
References
#1138301 #1138302 #1138303
Cross- CVE-2019-10161 CVE-2019-10166 CVE-2019-10167
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
https://www.suse.com/security/cve/CVE-2019-10161.html
https://www.suse.com/security/cve/CVE-2019-10166.html
https://www.suse.com/security/cve/CVE-2019-10167.html
https://bugzilla.suse.com/1138301
https://bugzilla.suse.com/1138302
https://bugzilla.suse.com/1138303
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:1599-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!