- Vulnerability/
- USN-4047-1
USN-4047-1: libvirt vulnerabilities
First published: Mon Jul 08 2019(Updated: )
Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libvirt-clients | <5.0.0-1ubuntu2.4 | 5.0.0-1ubuntu2.4 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/libvirt-daemon | <5.0.0-1ubuntu2.4 | 5.0.0-1ubuntu2.4 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/libvirt0 | <5.0.0-1ubuntu2.4 | 5.0.0-1ubuntu2.4 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/libvirt-clients | <4.6.0-2ubuntu3.8 | 4.6.0-2ubuntu3.8 |
| Ubuntu Ubuntu | =18.10 | |
| All of | ||
| ubuntu/libvirt-daemon | <4.6.0-2ubuntu3.8 | 4.6.0-2ubuntu3.8 |
| Ubuntu Ubuntu | =18.10 | |
| All of | ||
| ubuntu/libvirt0 | <4.6.0-2ubuntu3.8 | 4.6.0-2ubuntu3.8 |
| Ubuntu Ubuntu | =18.10 | |
| All of | ||
| ubuntu/libvirt-clients | <4.0.0-1ubuntu8.12 | 4.0.0-1ubuntu8.12 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libvirt-daemon | <4.0.0-1ubuntu8.12 | 4.0.0-1ubuntu8.12 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libvirt0 | <4.0.0-1ubuntu8.12 | 4.0.0-1ubuntu8.12 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libvirt-bin | <1.3.1-1ubuntu10.27 | 1.3.1-1ubuntu10.27 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libvirt0 | <1.3.1-1ubuntu10.27 | 1.3.1-1ubuntu10.27 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-10161
- https://ubuntu.com/security/CVE-2019-10166
- https://ubuntu.com/security/CVE-2019-10167
- https://ubuntu.com/security/CVE-2019-10168
- https://ubuntu.com/security/notices/USN-4047-2
- https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.4
- https://launchpad.net/ubuntu/+source/libvirt/4.6.0-2ubuntu3.8
- https://launchpad.net/ubuntu/+source/libvirt/4.0.0-1ubuntu8.12
- https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.27
- https://ubuntu.com/security/notices/USN-4047-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this security advisory?
The vulnerability ID for this security advisory is USN-4047-1.
What is the severity of USN-4047-1?
The severity of USN-4047-1 is not specified in the security advisory.
How does this vulnerability affect the libvirt software on Ubuntu 19.04?
This vulnerability affects the libvirt software on Ubuntu 19.04 if it is running version 5.0.0-1ubuntu2.4 or earlier of libvirt-clients, libvirt-daemon, or libvirt0.
What is the remedy for this vulnerability on Ubuntu 18.04?
The remedy for this vulnerability on Ubuntu 18.04 is to upgrade to version 4.0.0-1ubuntu8.12 or later of libvirt-clients, libvirt-daemon, or libvirt0.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following references: [CVE-2019-10161](https://ubuntu.com/security/CVE-2019-10161), [CVE-2019-10166](https://ubuntu.com/security/CVE-2019-10166), [CVE-2019-10167](https://ubuntu.com/security/CVE-2019-10167).
- agent/type
- agent/severity
- agent/references
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/usn
- source/Ubuntu
- anchor-related/USN-4047-2
- agent/software-canonical-lookup
- agent/title
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04