EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to...

libvirt security update

5.0.0-9.el7 - qemu: remove cpuhostmask and cpuguestmask from virCaps structure Wim ten Have Orabug: 29956508 5.0.0-8.el7 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - domain: Define explicit flags for saved image xml Eric Blake...

Fedora 30 : libvirt (2019-b2dfb13daf)

CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API bz 1722463, bz 1720115 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients bz 1722462, bz 1720114 - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API bz...

Arbitrary Code Execution

libvirt is vulnerable to arbitrary code execution. It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620)

Security Fixes : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients CVE-2019-10166 - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API CVE-2019-10167 - libvirt:...

RHEL 7 : libvirt (RHSA-2019:1579)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1579 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems...

libvirt security and bug fix update

4.5.0-10.0.1 - added librbd1 as dependency Keshav Sharma 4.5.0-10.el76.12 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only connections CVE-2019-10166 - api: disallow virConnectGetDomainCapabilities on...

libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients

It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would...