Executive Summary

Summary
Title libvirt update vulnerability
Informations
NameUSN-4047-2First vendor Publication2020-01-13
VendorUbuntuLast vendor Modification2020-01-13
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libvirt.

Software Description: - libvirt: Libvirt virtualization toolkit

Details:

USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled
certain API calls. An attacker could possibly use this issue to check for
arbitrary files, or execute arbitrary binaries. In the default
installation, attackers would be isolated by the libvirt AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
libvirt-bin 1.2.2-0ubuntu13.1.28+esm1
libvirt0 1.2.2-0ubuntu13.1.28+esm1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
https://usn.ubuntu.com/4047-2
https://usn.ubuntu.com/4047-1
CVE-2019-10161

Original Source

Url : http://www.ubuntu.com/usn/USN-4047-2

CWE : Common Weakness Enumeration

%idName
100 %CWE-284Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2020-01-13 17:19:08
  • First insertion