========================================================================== Ubuntu Security Notice USN-4021-1 June 19, 2019
libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 Summary: Several security issues were fixed in libvirt. Software Description: - libvirt: Libvirt virtualization toolkit Details: Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. (CVE-2019-10132) It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to access the guest agent and cause a denial of service. This issue only affected Ubuntu 19.04. (CVE-2019-3886) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: libvirt-clients 5.0.0-1ubuntu2.3 libvirt-daemon 5.0.0-1ubuntu2.3 libvirt0 5.0.0-1ubuntu2.3 Ubuntu 18.10: libvirt-clients 4.6.0-2ubuntu3.7 libvirt-daemon 4.6.0-2ubuntu3.7 libvirt0 4.6.0-2ubuntu3.7 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://usn.ubuntu.com/4021-1 CVE-2019-10132, CVE-2019-3886 Package Information: https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.3 https://launchpad.net/ubuntu/+source/libvirt/4.6.0-2ubuntu3.7
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
