Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in libvirt
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in libvirt
ID: USN-4047-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, Ubuntu 19.04
Datum: Mo, 8. Juli 2019, 15:39
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161
Applikationen: libvirt

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7788887978663086144==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="1IaMsSxaMwF5iRNi2m2NBnJlMLBNNOqKx"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--1IaMsSxaMwF5iRNi2m2NBnJlMLBNNOqKx
Content-Type: multipart/mixed;
boundary="M1RK0Nudok6Yk5bS6azD4zWc0G3r7sUeR";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <3b091632-0ffe-6a21-34ba-81e0d307c023@canonical.com>
Subject: [USN-4047-1] libvirt vulnerabilities

--M1RK0Nudok6Yk5bS6azD4zWc0G3r7sUeR
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4047-1
July 08, 2019

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled
certain API calls. An attacker could possibly use this issue to check for
arbitrary files, or execute arbitrary binaries. In the default
installation, attackers would be isolated by the libvirt AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libvirt-clients 5.0.0-1ubuntu2.4
libvirt-daemon 5.0.0-1ubuntu2.4
libvirt0 5.0.0-1ubuntu2.4

Ubuntu 18.10:
libvirt-clients 4.6.0-2ubuntu3.8
libvirt-daemon 4.6.0-2ubuntu3.8
libvirt0 4.6.0-2ubuntu3.8

Ubuntu 18.04 LTS:
libvirt-clients 4.0.0-1ubuntu8.12
libvirt-daemon 4.0.0-1ubuntu8.12
libvirt0 4.0.0-1ubuntu8.12

Ubuntu 16.04 LTS:
libvirt-bin 1.3.1-1ubuntu10.27
libvirt0 1.3.1-1ubuntu10.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4047-1
CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.4
https://launchpad.net/ubuntu/+source/libvirt/4.6.0-2ubuntu3.8
https://launchpad.net/ubuntu/+source/libvirt/4.0.0-1ubuntu8.12
https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.27


--M1RK0Nudok6Yk5bS6azD4zWc0G3r7sUeR--

--1IaMsSxaMwF5iRNi2m2NBnJlMLBNNOqKx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0jPJwACgkQZWnYVadE
vpPLEhAAksbncDiKE8iJ4Mc2tgi5OPD/WKn67aNgLK8VSBnK5zAJM3nfrx1YPZeX
HpJvJ0Szz7pDz7wjSFKm1kbTFXOC0mMojbeojHY21CBWXSDJBWpryPCBGLAtafsV
JLQ2WAy13V4uK1Xh2V27p0DBpzT3iGeP7mYnlNYRUZfzueGMMjGGAdKuXjNKsZgL
OySMsAUlsiMyd8sF9K3/Nj7Z1N9dU/DnM1y+TkD5hQaABUC9OZOZ3cEIytdoVnwA
fhEFfHtetWP7YfFFKsWsDST+K/Kg20l0ukB8wVWvAP1gIwkNtVos57Nm6X/NfsFX
t/+5olAu9mBe4pXJJdtDPzkmuqh1s6BVhIRo4QtPCzGdtSbH31pjDc3OhV5acf6Z
WsXuuS9MJ2Jhub/UamOcsyVu5ljkqWkMYHymSNe7hp7XM2pq9E4qeyhh1pMofNcH
VoTzlg24JQNlkhCuepK7lPyZ3j4DKxsHsUR4tTlTG10tGZQptk5zIcMDzotm8jD4
imxabGtEHTN0PDNIZh/DjmF9w0LRlq9QtD59dEanJNXv16OrApEF8xNC5ZUCrpTf
hY09rmDdAgboqHayuJ7yFhZ6KnEm8hEUcgI17fmbKRhHAHzElxV5vtJ1aLAKvoEB
u2TQUaqUDJln5bA/b9UGmuSPNaIHzPmna25K6yyoDIaQmgBNoAM=
=L+CW
-----END PGP SIGNATURE-----

--1IaMsSxaMwF5iRNi2m2NBnJlMLBNNOqKx--


--===============7788887978663086144==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7788887978663086144==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung