1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4469-1] libvirt security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Jun 22 19:00:02 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4469-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    June 22, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libvirt
    CVE ID : CVE-2019-10161 CVE-2019-10167

    Two vulnerabilities were discovered in Libvirt, a virtualisation
    abstraction library, allowing an API client with read-only permissions
    to execute arbitrary commands via the virConnectGetDomainCapabilities
    API, or read or execute arbitrary files via the
    virDomainSaveImageGetXMLDesc API.

    Additionally the libvirt's cpu map was updated to make addressing CVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,
    CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting
    the md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU
    models without having to fall back to host-passthrough.

    For the stable distribution (stretch), these problems have been fixed in version 3.0.0-4+deb9u4.

    We recommend that you upgrade your libvirt packages.

    For the detailed security status of libvirt please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/libvirt

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0OXUhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SDEw//TQJ0CQdeuADmjoGfnEyOPSf4hfcWFCZyF1H+oEgQ35MTIaxtHf/JgE32 BxeE6ZytyzpO3kGgptc5kNEThJ1oJJ5ClCSY75S/75pIQP5PlNSSvqKHDv6gX0zv 2FTV2T/KY1jXmpOe5jkH8RJSh3PIz37+mZgi/KqfaBNhcbO9JuIQreYxQl5woHk6 flK+g0s6sq5xPXzH+p88xMLgQAZ3LivTqsKDTy9anNQlHbJCw1TfWEBOL9BPpctU ABXu2QanPTTQe5weCHBG+BwskUeqVS7WjQsgCtnKsaVA6MLf9KfSv/3CjwRmUetw yGFXncfgnOmwx3QRBNlpw1zUqxpee9uU5dWOw8AsfJDUu13MHXchjUAzxiGKbFnS w8S3i1hcD4x92/FwMSxu9T18QCXDbTSFDyPx7sIMY+0IlbhA5a4UsH5FdinCJNE3 Y8MOBJymywAhpD2aD5LytJZKJrPcLjTgbeF9PNLg09pzHPp80SNArOJEbRBaa/1R kEk4R5ptHgOh79axYgDWgMoqw3rlVIAL8nh+7511k0BC1hPUvijUpbWrLRTbWMTT TCq9CZPelblbGO9etSMPHVNDOy20+Go1ad6G7lkHgmooKZFyCnNZzk7o0RBJC8on DjZ7rK+vLNH9TzYCHWdLd9eJs73emvrOalgq3Nwvb/OasobJwPQ=
    =MlBA
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)