[ubuntu-cloud-archive/stein-proposed] libvirt (Accepted)
Corey Bryant
corey.bryant at canonical.com
Wed Jun 26 13:05:43 UTC 2019
libvirt (5.0.0-1ubuntu2.3~cloud0) bionic-stein; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
libvirt (5.0.0-1ubuntu2.3) disco-security; urgency=medium
.
* SECURITY UPDATE: DoS via incorrect permissions check
  - debian/patches/CVE-2019-3886-1.patch: disallow virDomainGetHostname
    for read-only connections in src/libvirt-domain.c.
  - debian/patches/CVE-2019-3886-2.patch: enforce ACL write permission
    for getting guest time & hostname in src/remote/remote_protocol.x.
  - CVE-2019-3886
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
  - debian/patches/CVE-2019-10132-1.patch: reject clients unless their
    UID matches the current UID in src/admin/admin_server_dispatch.c.
  - debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
    in src/locking/virtlockd-admin.socket.in,
    src/locking/virtlockd.socket.in.
  - debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
    in src/logging/virtlogd-admin.socket.in,
    src/logging/virtlogd.socket.in.
  - CVE-2019-10132
Date: Wed, 19 Jun 2019 17:21:41 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>