FEDORA-2019-9210998aaa

security update in Fedora 29 for libvirt

Status: stable 3 months ago
  • CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115)
  • CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114)
  • CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
  • CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118)
  • CVE-2019-3886: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide
  • Failed to attache NEW rbd device to guest (bz #1672620)
  • PCI hostdev interface segfault (bz #1692053)

Fix systemd socket permissions (CVE-2019-10132).

The virtlockd-admin.socket, virtlogd-admin.socket, virtlockd.socket and virtlogd.socket units must be restarted if they are currently running. This can be done with a host reboot or with systemctl commands.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-9210998aaa
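
The restart step from the CVE-2019-10132 note, as an added shell example (not part of the advisory or of libvirt's own code): it restarts whichever of the four named units are running and reports each unit's effective SocketMode, falling back to systemd's 0666 default when the setting is missing. The function names and the sample unit text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Fedora's or libvirt's code).
# Units named in the advisory's CVE-2019-10132 note.
UNITS="virtlockd-admin.socket virtlogd-admin.socket virtlockd.socket virtlogd.socket"

# Constructed sample unit text; the ListenStream path is illustrative only.
SAMPLE_UNFIXED='[Unit]
Description=constructed sample

[Socket]
ListenStream=/run/example/admin-sock'
SAMPLE_FIXED="$SAMPLE_UNFIXED
SocketMode=0600"

# Print the effective SocketMode of unit text read from stdin.
# systemd falls back to 0666 when [Socket] has no SocketMode= line.
effective_socket_mode() {
    awk '
        /^\[/ { in_socket = ($0 == "[Socket]"); next }
        in_socket && /^SocketMode[ \t]*=/ {
            sub(/^SocketMode[ \t]*=[ \t]*/, ""); mode = $0
        }
        END { print (mode == "" ? "0666" : mode) }
    '
}

# Succeed only when the mode grants nothing to "other" (last octal digit 0).
mode_is_restricted() {
    case "$1" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Run as root after the upgrade: restart the running units, then report.
restart_and_report() {
    for unit in $UNITS; do
        systemctl try-restart "$unit"   # restarts only units currently running
        mode=$(systemctl cat "$unit" | effective_socket_mode)
        if mode_is_restricted "$mode"; then verdict=restricted
        else verdict=WORLD-ACCESSIBLE; fi
        printf '%-24s SocketMode=%s %s\n' "$unit" "$mode" "$verdict"
    done
}
```

Call restart_and_report from a root shell after the upgrade; a unit reported as WORLD-ACCESSIBLE is still using a unit file without a restrictive SocketMode.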

Comments 8

This update has been submitted for testing by crobinso.

This update test gating status has been changed to 'waiting'.

This update has obsoleted libvirt-4.7.0-4.fc29, and has inherited its bugs and notes.

This update test gating status has been changed to 'ignored'.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by crobinso.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates: submitted 4 months ago, in testing 4 months ago, in stable 3 months ago

Related Bugs 13

#1672620 Failed to attache NEW rbd device to guest
#1692053 PCI hostdev interface segfault
#1694880 CVE-2019-3886 libvirt: virsh domhostname command discloses guest hostname in readonly mode
#1706067 CVE-2019-10132 libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter
#1712498 CVE-2019-10132 libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter [fedora-all]
#1720114 CVE-2019-10166 libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
#1720115 CVE-2019-10161 libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
#1720117 CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
#1720118 CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
#1722462 CVE-2019-10166 libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients [fedora-all]
#1722463 CVE-2019-10161 libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API [fedora-all]
#1722464 CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API [fedora-all]
#1722466 CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs [fedora-all]