27 matches found
SUSE: Security Advisory (SUSE-SU-2019:1643-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202003-18 : libvirt: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-18 libvirt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A local privileged attacker could execute arbitrary...
Photon OS 3.0: Libvirt PHSA-2019-3.0-0032
An update of the libvirt package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0032. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid130112;...
EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2019-1957)
According to the versions of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifyin...
Important: libvirt
Issue Overview: Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091 Modern Intel microprocessors implement hardware-level micro-optimizations to...
libvirt security, bug fix, and enhancement update
4.5.0-23 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only connections CVE-2019-10166 - api: disallow virConnectGetDomainCapabilities on read-only connections CVE-2019-10167 - api: disallow...
CVE-2019-10168
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...
CVE-2019-10168
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...
CVE-2019-10168
The CVE-2019-10168 issue affects the libvirt APIs virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU. Versions affected are libvirt 4.x before 4.10.1 and 5.x before 5.4.1. libvirt will execute the program specified by the emulator argument during domain capability probing. Read-on...
CVE-2019-10168
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...
virt:rhel security update
libguestfs 1:1.38.4-10.1.0.1 - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.38.4-10.1 - Fix inspection of partition-less devices resolves: rhbz1714747 libssh2 1.8.0-7.el80.1 - fix integer overflow in keyboard interactive handling th...
EulerOS 2.0 SP8 : libvirt (EulerOS-SA-2019-1774)
According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to...
openSUSE Security Update : libvirt (openSUSE-2019-1753)
This update for libvirt fixes the following issues : Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...
Oracle Linux 7 : libvirt (ELSA-2019-4714)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4714 advisory. - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - api: disallow...
Important: Red Hat Security Advisory: virt:8.0.0 security update
An update for the virt:8.0.0 module is now available for Red Hat Enterprise Linux 8 Advanced Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Fedora Update for libvirt FEDORA-2019-9210998aaa
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
RHEL 7 : redhat-virtualization-host (RHSA-2019:1699)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1699 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...
Fedora 29 : libvirt (2019-9210998aaa)
CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API bz 1722463, bz 1720115 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients bz 1722462, bz 1720114 - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API bz...
Fedora 30 : libvirt (2019-b2dfb13daf)
CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API bz 1722463, bz 1720115 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients bz 1722462, bz 1720114 - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API bz...
Oracle Linux 7 : libvirt (ELSA-2019-1579)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1579 advisory. - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only...