[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4469-1 libvirt -- libvirt

ID: oval:org.secpod.oval:def:603950Date: (C)2019-06-25   (M)2024-01-29
Class: PATCHFamily: unix




Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally the libvirt"s cpu map was updated to make addressing CVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting the md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU models without having to fall back to host-passthrough.

Platform:
Debian 9.x
Product:
libvirt0
libvirt-dev
libnss-libvirt
libvirt-sanlock
libvirt-daemon
libvirt-clients
libvirt-doc
Reference:
DSA-4469-1
CVE-2019-10161
CVE-2019-10167
CVE    2
CVE-2019-10161
CVE-2019-10167
CPE    2
cpe:/a:redhat:libvirt:0
cpe:/o:debian:debian_linux:9.x

© SecPod Technologies