Lucene search

DebianDEBIAN:DLA-1832-1:B9789

HistoryJun 24, 2019 - 7:26 p.m.

[SECURITY] [DLA 1832-1] libvirt security update

2019-06-2419:26:44

lists.debian.org

140

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Package : libvirt
Version : 1.2.9-9+deb8u7
CVE IDs : CVE-2019-10161 CVE-2019-10167

Two vulnerabilities were discovered in libvirt, an abstraction API
for different underlying virtualisation mechanisms provided by the
kernel, etc.

CVE-2019-10161: Prevent an vulnerability where readonly clients
could use the API to specify an arbitrary path which would be
accessed with the permissions of the libvirtd process. An attacker
with access to the libvirtd socket could use this to probe the
existence of arbitrary files, cause a denial of service or
otherwise cause libvirtd to execute arbitrary programs.
CVE-2019-10167: Prevent an arbitrary code execution vulnerability
via the API where a user-specified binary used to probe the
domain's capabilities. read-only clients could specify an
arbitrary path for this argument, causing libvirtd to execute a
crafted executable with its own privileges.

For Debian 8 "Jessie", these issues have been fixed in libvirt
version 1.2.9-9+deb8u7.

We recommend that you upgrade your libvirt packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8i386libvirt-sanlock< 1.2.9-9+deb8u7libvirt-sanlock_1.2.9-9+deb8u7_i386.deb
Debian8armellibvirt-bin< 1.2.9-9+deb8u7libvirt-bin_1.2.9-9+deb8u7_armel.deb
Debian8amd64libvirt-sanlock< 1.2.9-9+deb8u7libvirt-sanlock_1.2.9-9+deb8u7_amd64.deb
Debian8armhflibvirt-clients< 1.2.9-9+deb8u7libvirt-clients_1.2.9-9+deb8u7_armhf.deb
Debian8armellibvirt-dev< 1.2.9-9+deb8u7libvirt-dev_1.2.9-9+deb8u7_armel.deb
Debian8amd64libvirt-dev< 1.2.9-9+deb8u7libvirt-dev_1.2.9-9+deb8u7_amd64.deb
Debian8i386libvirt0-dbg< 1.2.9-9+deb8u7libvirt0-dbg_1.2.9-9+deb8u7_i386.deb
Debian8armellibvirt0< 1.2.9-9+deb8u7libvirt0_1.2.9-9+deb8u7_armel.deb
Debian8i386libvirt-clients< 1.2.9-9+deb8u7libvirt-clients_1.2.9-9+deb8u7_i386.deb
Debian8armhflibvirt-daemon< 1.2.9-9+deb8u7libvirt-daemon_1.2.9-9+deb8u7_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libvirt-sanlock	< 1.2.9-9+deb8u7	libvirt-sanlock_1.2.9-9+deb8u7_i386.deb
Debian	8	armel	libvirt-bin	< 1.2.9-9+deb8u7	libvirt-bin_1.2.9-9+deb8u7_armel.deb
Debian	8	amd64	libvirt-sanlock	< 1.2.9-9+deb8u7	libvirt-sanlock_1.2.9-9+deb8u7_amd64.deb
Debian	8	armhf	libvirt-clients	< 1.2.9-9+deb8u7	libvirt-clients_1.2.9-9+deb8u7_armhf.deb
Debian	8	armel	libvirt-dev	< 1.2.9-9+deb8u7	libvirt-dev_1.2.9-9+deb8u7_armel.deb
Debian	8	amd64	libvirt-dev	< 1.2.9-9+deb8u7	libvirt-dev_1.2.9-9+deb8u7_amd64.deb
Debian	8	i386	libvirt0-dbg	< 1.2.9-9+deb8u7	libvirt0-dbg_1.2.9-9+deb8u7_i386.deb
Debian	8	armel	libvirt0	< 1.2.9-9+deb8u7	libvirt0_1.2.9-9+deb8u7_armel.deb
Debian	8	i386	libvirt-clients	< 1.2.9-9+deb8u7	libvirt-clients_1.2.9-9+deb8u7_i386.deb
Debian	8	armhf	libvirt-daemon	< 1.2.9-9+deb8u7	libvirt-daemon_1.2.9-9+deb8u7_armhf.deb