[USN-4021-1] libvirt vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jun 19 17:32:26 UTC 2019

Ubuntu Security Notice USN-4021-1
June 19, 2019

libvirt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10


Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit


Daniel P. Berrangé discovered that libvirt incorrectly handled socket
permissions. A local attacker could possibly use this issue to access
libvirt. (CVE-2019-10132)

It was discovered that libvirt incorrectly performed certain permission
checks. A remote attacker could possibly use this issue to access the
guest agent and cause a denial of service. This issue only affected Ubuntu
19.04. (CVE-2019-3886)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libvirt-clients                 5.0.0-1ubuntu2.3
  libvirt-daemon                  5.0.0-1ubuntu2.3
  libvirt0                        5.0.0-1ubuntu2.3

Ubuntu 18.10:
  libvirt-clients                 4.6.0-2ubuntu3.7
  libvirt-daemon                  4.6.0-2ubuntu3.7
  libvirt0                        4.6.0-2ubuntu3.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

  CVE-2019-10132, CVE-2019-3886

Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20190619/68934d57/attachment.sig>

More information about the ubuntu-security-announce mailing list