[ubuntu/cosmic-security] libvirt 4.6.0-2ubuntu3.7 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 19 16:36:28 UTC 2019
libvirt (4.6.0-2ubuntu3.7) cosmic-security; urgency=medium
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
- debian/patches/CVE-2019-10132-1.patch: reject clients unless their
UID matches the current UID in src/admin/admin_server_dispatch.c.
- debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
in src/locking/virtlockd-admin.socket.in,
src/locking/virtlockd.socket.in.
- debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
in src/logging/virtlogd-admin.socket.in,
src/logging/virtlogd.socket.in.
- CVE-2019-10132
libvirt (4.6.0-2ubuntu3.6) cosmic; urgency=medium
* d/p/ubuntu/lp-1830268-refresh-capabilities-on-KVM-nesting.patch: fix
consideration of VMX flag (LP: #1830268)
Date: 2019-06-17 12:12:27.454659+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libvirt/4.6.0-2ubuntu3.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Cosmic-changes
mailing list