what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 4469-1

Debian Security Advisory 4469-1
Posted Jun 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-10161, CVE-2019-10167
SHA-256 | f317c18ff7cf94b2090ee036440e15b8ca405088d3e480e1e607c181d98807a0

Debian Security Advisory 4469-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4469-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2019-10161 CVE-2019-10167

Two vulnerabilities were discovered in Libvirt, a virtualisation
abstraction library, allowing an API client with read-only permissions
to execute arbitrary commands via the virConnectGetDomainCapabilities
API, or read or execute arbitrary files via the
virDomainSaveImageGetXMLDesc API.

Additionally the libvirt's cpu map was updated to make addressing
CVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting
the md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU
models without having to fall back to host-passthrough.

For the stable distribution (stretch), these problems have been fixed in
version 3.0.0-4+deb9u4.

We recommend that you upgrade your libvirt packages.

For the detailed security status of libvirt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libvirt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0OXUhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SDEw//TQJ0CQdeuADmjoGfnEyOPSf4hfcWFCZyF1H+oEgQ35MTIaxtHf/JgE32
BxeE6ZytyzpO3kGgptc5kNEThJ1oJJ5ClCSY75S/75pIQP5PlNSSvqKHDv6gX0zv
2FTV2T/KY1jXmpOe5jkH8RJSh3PIz37+mZgi/KqfaBNhcbO9JuIQreYxQl5woHk6
flK+g0s6sq5xPXzH+p88xMLgQAZ3LivTqsKDTy9anNQlHbJCw1TfWEBOL9BPpctU
ABXu2QanPTTQe5weCHBG+BwskUeqVS7WjQsgCtnKsaVA6MLf9KfSv/3CjwRmUetw
yGFXncfgnOmwx3QRBNlpw1zUqxpee9uU5dWOw8AsfJDUu13MHXchjUAzxiGKbFnS
w8S3i1hcD4x92/FwMSxu9T18QCXDbTSFDyPx7sIMY+0IlbhA5a4UsH5FdinCJNE3
Y8MOBJymywAhpD2aD5LytJZKJrPcLjTgbeF9PNLg09pzHPp80SNArOJEbRBaa/1R
kEk4R5ptHgOh79axYgDWgMoqw3rlVIAL8nh+7511k0BC1hPUvijUpbWrLRTbWMTT
TCq9CZPelblbGO9etSMPHVNDOy20+Go1ad6G7lkHgmooKZFyCnNZzk7o0RBJC8on
DjZ7rK+vLNH9TzYCHWdLd9eJs73emvrOalgq3Nwvb/OasobJwPQ=
=MlBA
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close