==========================================================================
Ubuntu Security Notice USN-4021-1
June 19, 2019

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

Daniel P. Berrangé discovered that libvirt incorrectly handled socket
permissions. A local attacker could possibly use this issue to access
libvirt. (CVE-2019-10132)

It was discovered that libvirt incorrectly performed certain permission
checks. A remote attacker could possibly use this issue to access the
guest agent and cause a denial of service. This issue only affected Ubuntu
19.04. (CVE-2019-3886)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libvirt-clients                 5.0.0-1ubuntu2.3
  libvirt-daemon                  5.0.0-1ubuntu2.3
  libvirt0                        5.0.0-1ubuntu2.3

Ubuntu 18.10:
  libvirt-clients                 4.6.0-2ubuntu3.7
  libvirt-daemon                  4.6.0-2ubuntu3.7
  libvirt0                        4.6.0-2ubuntu3.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://usn.ubuntu.com/4021-1
  CVE-2019-10132, CVE-2019-3886

Package Information:
  https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/libvirt/4.6.0-2ubuntu3.7