[FEDORA-2019-9210998aaa] Fedora 29: libvirt

Severity High
Affected Packages 1
CVEs 11
  • CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115)
  • CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114)
  • CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
  • CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118)
  • CVE-2019-3886: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide
  • Failed to attach NEW rbd device to guest (bz #1672620)
  • PCI hostdev interface segfault (bz #1692053)
----
Fix systemd socket permissions (CVE-2019-10132). The virtlockd-admin.socket, virtlogd-admin.socket, virtlockd.socket & virtlogd.socket units must be restarted, if currently running. This can be done with a host reboot or systemctl commands.
Package Affected Version
pkg:rpm/fedora/libvirt?distro=fedora-29 < 4.7.0.5.fc29
ID
FEDORA-2019-9210998aaa
Severity
high
Severity from
CVE-2019-10132
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa
Published
2019-07-09T02:25:07
(5 years ago)
Modified
2019-07-09T02:25:07
(5 years ago)
Rights
Copyright 2019 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 1720117 Bug #1720117 - CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API https://bugzilla.redhat.com/show_bug.cgi?id=1720117
Bugzilla 1720114 Bug #1720114 - CVE-2019-10166 libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients https://bugzilla.redhat.com/show_bug.cgi?id=1720114
Bugzilla 1706067 Bug #1706067 - CVE-2019-10132 libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter https://bugzilla.redhat.com/show_bug.cgi?id=1706067
Bugzilla 1694880 Bug #1694880 - CVE-2019-3886 libvirt: virsh domhostname command discloses guest hostname in readonly mode https://bugzilla.redhat.com/show_bug.cgi?id=1694880
Bugzilla 1720115 Bug #1720115 - CVE-2019-10161 libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API https://bugzilla.redhat.com/show_bug.cgi?id=1720115
Bugzilla 1720118 Bug #1720118 - CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs https://bugzilla.redhat.com/show_bug.cgi?id=1720118
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/libvirt?distro=fedora-29 fedora libvirt < 4.7.0.5.fc29 fedora-29