MiracleLinux 4 : libvirt-0.10.2-64.2.0.1.AXS4 (AXSA:2019-3920:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3920:02 advisory. libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 Tenable has extracted the preceding description block directly from the...

EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to...

The vulnerability of the virDomainSaveImageGetXMLDesc() function in the Libvirt virtualization management library allows a attacker to cause a service failure, execute arbitrary code, or determine the presence and size of arbitrary files.

The vulnerability of the virDomainSaveImageGetXMLDesc function in the Libvirt virtualization management library is due to access control errors. Exploiting this vulnerability could allow an attacker to cause a service failure, execute arbitrary code, or determine the presence and size of arbitrar...

NewStart CGSL MAIN 4.05 : libvirt Vulnerability (NS-SA-2019-0166)

The remote NewStart CGSL host, running version MAIN 4.05, has libvirt packages installed that are affected by a vulnerability: - It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with th...

CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

DEBIAN-CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

libvirt security update

5.0.0-9.el7 - qemu: remove cpuhostmask and cpuguestmask from virCaps structure Wim ten Have Orabug: 29956508 5.0.0-8.el7 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - domain: Define explicit flags for saved image xml Eric Blake...

Fedora 30 : libvirt (2019-b2dfb13daf)

CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API bz 1722463, bz 1720115 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients bz 1722462, bz 1720114 - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API bz...

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:1686-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

libvirt security and bug fix update

4.5.0-10.0.1 - added librbd1 as dependency Keshav Sharma 4.5.0-10.el76.12 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only connections CVE-2019-10166 - api: disallow virConnectGetDomainCapabilities on...

RHEL 7 : libvirt (RHSA-2019:1579)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1579 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620)

Security Fixes : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients CVE-2019-10166 - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API CVE-2019-10167 - libvirt:...

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

UBUNTU-CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...