FEDORA-2019-b2dfb13daf created by crobinso a year ago for Fedora 30
stable
  • CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115)
  • CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114)
  • CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
  • CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118)
  • CVE-2019-3886: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide
  • Cannot start VM with a CBR 2.0 TPM device (bz #1712556)
  • libvirtd does not update VM .xml configurations after virsh snapshot/blockcommit (bz #1722348)

How to install

sudo dnf upgrade --advisory=FEDORA-2019-b2dfb13daf

This update has been submitted for testing by crobinso.

a year ago

This update test gating status has been changed to 'waiting'.

a year ago

This update test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago
User Icon atim provided feedback a year ago
karma

crobinso edited this update.

a year ago
User Icon smithp commented & provided feedback a year ago
karma

+1

User Icon frantisekz commented & provided feedback a year ago
karma

Works fine

User Icon jlanda provided feedback a year ago
karma
User Icon alciregi commented & provided feedback a year ago
karma

WFM

User Icon kparal commented & provided feedback a year ago
karma

my VMs in virt-manager still work fine

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

a year ago
User Icon vinumoses provided feedback a year ago
karma

This update has been submitted for stable by crobinso.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
7
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#1694880 CVE-2019-3886 libvirt: virsh domhostname command discloses guest hostname in readonly mode
0
0
BZ#1696055 CVE-2019-3886 libvirt: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide]
0
0
BZ#1712556 Cannot start VM with a CBR 2.0 TPM device shows message "Failed to create v1 controller cpu for group: No such file or directory"
0
0
BZ#1720114 CVE-2019-10166 libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
0
0
BZ#1720115 CVE-2019-10161 libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
0
0
BZ#1720117 CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
0
0
BZ#1720118 CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
0
0
BZ#1722348 libvirtd does not update VM .xml configurations on filesystem after virsh snapshot/blockcommit
0
0
BZ#1722462 CVE-2019-10166 libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients [fedora-all]
0
0
BZ#1722463 CVE-2019-10161 libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API [fedora-all]
0
0
BZ#1722464 CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API [fedora-all]
0
0
BZ#1722466 CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs [fedora-all]
0
0

Automated Test Results