libvirt security update

2019-06-20T20:39:11
ID: CESA-2019:1579
Type: centos
Reporter: CentOS Project
Modified: 2019-06-20T20:39:11

Description

CentOS Errata and Security Advisory CESA-2019:1579

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

  • libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)

  • libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)

  • libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)

  • libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Live migration fails with unsafe error when GPFS is used as shared filesystem (BZ#1715867)

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2019-June/035374.html

Affected packages: libvirt, libvirt-admin, libvirt-bash-completion, libvirt-client, libvirt-daemon, libvirt-daemon-config-network, libvirt-daemon-config-nwfilter, libvirt-daemon-driver-interface, libvirt-daemon-driver-lxc, libvirt-daemon-driver-network, libvirt-daemon-driver-nodedev, libvirt-daemon-driver-nwfilter, libvirt-daemon-driver-qemu, libvirt-daemon-driver-secret, libvirt-daemon-driver-storage, libvirt-daemon-driver-storage-core, libvirt-daemon-driver-storage-disk, libvirt-daemon-driver-storage-gluster, libvirt-daemon-driver-storage-iscsi, libvirt-daemon-driver-storage-logical, libvirt-daemon-driver-storage-mpath, libvirt-daemon-driver-storage-rbd, libvirt-daemon-driver-storage-scsi, libvirt-daemon-kvm, libvirt-daemon-lxc, libvirt-devel, libvirt-docs, libvirt-libs, libvirt-lock-sanlock, libvirt-login-shell, libvirt-nss

Upstream details at: