First published: Mon Apr 01 2019
A vulnerability was found in libvirt versions >= 4.8.0. An information exposure allows retrieval of the guest hostname under readonly mode. References: https://bugzilla.redhat.com/show_bug.cgi?id=1692619
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Libvirt | >=4.8.0, <5.3.0 | |
openSUSE Leap | =42.3 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
debian/libvirt | 7.0.0-3+deb11u3, 9.0.0-4+deb12u1, 10.6.0-1, 10.7.0-2 |
CVE-2019-3886 is a vulnerability in libvirt 4.8.0 and above that allows clients holding only the readonly permission to invoke APIs, potentially leading to unintended information disclosure or denial of service.
CVE-2019-3886 has a severity rating of 5.4 (medium).
Versions 4.8.0 to 5.3.0 of Redhat Libvirt, openSUSE Leap 42.3, Fedora 29, Fedora 30, and various versions of libvirt in Ubuntu and Debian are affected by CVE-2019-3886.
To fix CVE-2019-3886 in Redhat Libvirt, update to version 5.4.0 or newer.
You can find more information about CVE-2019-3886 in the following references: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html, http://www.securityfocus.com/bid/107777, and https://access.redhat.com/errata/RHBA-2019:3723