You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke libvirt

Sigurnosni nedostaci programske biblioteke libvirt

==========================================================================
Ubuntu Security Notice USN-4047-1
July 08, 2019

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
– libvirt: Libvirt virtualization toolkit

Details:

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled
certain API calls. An attacker could possibly use this issue to check for
arbitrary files, or execute arbitrary binaries. In the default
installation, attackers would be isolated by the libvirt AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libvirt-clients 5.0.0-1ubuntu2.4
libvirt-daemon 5.0.0-1ubuntu2.4
libvirt0 5.0.0-1ubuntu2.4

Ubuntu 18.10:
libvirt-clients 4.6.0-2ubuntu3.8
libvirt-daemon 4.6.0-2ubuntu3.8
libvirt0 4.6.0-2ubuntu3.8

Ubuntu 18.04 LTS:
libvirt-clients 4.0.0-1ubuntu8.12
libvirt-daemon 4.0.0-1ubuntu8.12
libvirt0 4.0.0-1ubuntu8.12

Ubuntu 16.04 LTS:
libvirt-bin 1.3.1-1ubuntu10.27
libvirt0 1.3.1-1ubuntu10.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4047-1
CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.4
https://launchpad.net/ubuntu/+source/libvirt/4.6.0-2ubuntu3.8
https://launchpad.net/ubuntu/+source/libvirt/4.0.0-1ubuntu8.12
https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.27

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0jPJwACgkQZWnYVadE
vpPLEhAAksbncDiKE8iJ4Mc2tgi5OPD/WKn67aNgLK8VSBnK5zAJM3nfrx1YPZeX
HpJvJ0Szz7pDz7wjSFKm1kbTFXOC0mMojbeojHY21CBWXSDJBWpryPCBGLAtafsV
JLQ2WAy13V4uK1Xh2V27p0DBpzT3iGeP7mYnlNYRUZfzueGMMjGGAdKuXjNKsZgL
OySMsAUlsiMyd8sF9K3/Nj7Z1N9dU/DnM1y+TkD5hQaABUC9OZOZ3cEIytdoVnwA
fhEFfHtetWP7YfFFKsWsDST+K/Kg20l0ukB8wVWvAP1gIwkNtVos57Nm6X/NfsFX
t/+5olAu9mBe4pXJJdtDPzkmuqh1s6BVhIRo4QtPCzGdtSbH31pjDc3OhV5acf6Z
WsXuuS9MJ2Jhub/UamOcsyVu5ljkqWkMYHymSNe7hp7XM2pq9E4qeyhh1pMofNcH
VoTzlg24JQNlkhCuepK7lPyZ3j4DKxsHsUR4tTlTG10tGZQptk5zIcMDzotm8jD4
imxabGtEHTN0PDNIZh/DjmF9w0LRlq9QtD59dEanJNXv16OrApEF8xNC5ZUCrpTf
hY09rmDdAgboqHayuJ7yFhZ6KnEm8hEUcgI17fmbKRhHAHzElxV5vtJ1aLAKvoEB
u2TQUaqUDJln5bA/b9UGmuSPNaIHzPmna25K6yyoDIaQmgBNoAM=
=L+CW
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke glib2.0

Otkriven je sigurnosni nedostatak programske biblioteke glib2.0 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja ili...

Close