[ubuntu/disco-updates] libvirt 5.0.0-1ubuntu2.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jun 19 16:58:23 UTC 2019
libvirt (5.0.0-1ubuntu2.3) disco-security; urgency=medium
* SECURITY UPDATE: DoS via incorrect permissions check
- debian/patches/CVE-2019-3886-1.patch: disallow virDomainGetHostname
for read-only connections in src/libvirt-domain.c.
- debian/patches/CVE-2019-3886-2.patch: enforce ACL write permission
for getting guest time & hostname in src/remote/remote_protocol.x.
- CVE-2019-3886
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
- debian/patches/CVE-2019-10132-1.patch: reject clients unless their
UID matches the current UID in src/admin/admin_server_dispatch.c.
- debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
in src/locking/virtlockd-admin.socket.in,
src/locking/virtlockd.socket.in.
- debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
in src/logging/virtlogd-admin.socket.in,
src/logging/virtlogd.socket.in.
- CVE-2019-10132
Date: 2019-06-17 12:12:15.709981+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libvirt/5.0.0-1ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list