[ubuntu/disco-security] libvirt 5.0.0-1ubuntu2.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jun 19 16:36:33 UTC 2019


libvirt (5.0.0-1ubuntu2.3) disco-security; urgency=medium

  * SECURITY UPDATE: DoS via incorrect permissions check
    - debian/patches/CVE-2019-3886-1.patch: disallow virDomainGetHostname
      for read-only connections in src/libvirt-domain.c.
    - debian/patches/CVE-2019-3886-2.patch: enforce ACL write permission
      for getting guest time & hostname in src/remote/remote_protocol.x.
    - CVE-2019-3886
  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
    - debian/patches/CVE-2019-10132-1.patch: reject clients unless their
      UID matches the current UID in src/admin/admin_server_dispatch.c.
    - debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
      in src/locking/virtlockd-admin.socket.in,
      src/locking/virtlockd.socket.in.
    - debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
      in src/logging/virtlogd-admin.socket.in,
      src/logging/virtlogd.socket.in.
    - CVE-2019-10132

libvirt (5.0.0-1ubuntu2.2) disco; urgency=medium

  * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
    the never functional osxsave and ospke features (LP: #1825195).

Date: 2019-06-17 12:12:15.709981+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.3