Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in libvirt (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in libvirt (Aktualisierung)
ID: USN-4047-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Mo, 13. Januar 2020, 17:05
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10161
Applikationen: libvirt
Update von: Mehrere Probleme in libvirt

Originalnachricht


--===============7548177242380683424==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="jRHKVT23PllUwdXP"
Content-Disposition: inline


--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4047-2
January 13, 2020

libvirt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

USN-4047-1 fixed a vulnerability in libvirt. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled
certain API calls. An attacker could possibly use this issue to check for
arbitrary files, or execute arbitrary binaries. In the default
installation, attackers would be isolated by the libvirt AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libvirt-bin 1.2.2-0ubuntu13.1.28+esm1
libvirt0 1.2.2-0ubuntu13.1.28+esm1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4047-2
https://usn.ubuntu.com/4047-1
CVE-2019-10161

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl4ck+YACgkQRbznW4QL
H2lTyg/+MFCBvwzvUV8gp98JKg2dgREWvrLuFUZRwrLkI47h52n6vnhUmfhYJNkX
VAmLDPDebnCN8H5AOzC4UEg0GUpwvdbTI9wHSD65E3jRfb/cRKJeBa1mQO72A1yB
C54BLT1DHJwFMtfS5GY+wskzYaBc3F6lSS1J42XjbRYeUF72jKc25ehbHbE1WnNK
aCyK5BRSbsCIWgP4zFqoam+sTFlwOoMdnXsBBCd3bU+CxIexVDMqcvEJjj4DIxp0
yuVkB/FzXK3VAIFNe7VE9PkqgyjL6BRlgpE//stz3gWqABEyQmPK7Dlv/pfy9FWK
bS6WRM52m5Rdbyu8zg/3GeT+dSQodVZl1PP/AvftfKLroOmoTz+FtsaPKjJkywh5
brOPtDVzIofzzl1qEMmYECWH1eszHy/Y1t1oN9vZqo5Q8T3ioDz+o27CFt8Fzub7
7uFkkewylMIqBVaxcaZJPcMDjMuZG5YkFo/dXtdV433azi+WJYFBOTd3REJ6pFSe
iDePtkN5Ki/8OVV2LOrW7VX98VVae0JIHzuiFbmoMIP4daakpPi8CeHnxB4MhNMk
2MRcCmgTqmZxbXuizo5jt6sAv68EJH8ZTBHH0s+bOECP0S2XwoPOQLc+Wj8FiXHy
uaRB0biZCVTn1ThZvr/hUrRw+6Sah9JxrjzlMh63gj1naR4zqLg=
=WHS1
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--


--===============7548177242380683424==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7548177242380683424==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung