SB2019061912 - Ubuntu update for libvirt 




Published: June 19, 2019

Security Bulletin ID: SB2019061912
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 50%, Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10132)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a missing SocketMode configuration parameter in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A local user can perform administrative tasks against the virtlockd and virtlogd daemons.
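
A defender-side check for the condition described above, as an added example that is not part of the original bulletin or of libvirt: it parses the text of a systemd socket unit and reports a missing or permissive SocketMode=. The unit contents are constructed samples, and the function names and the 0600 value are assumptions of this example; the 0666 default for an unset SocketMode= is the one documented in systemd.socket(5).

```python
# Added example: audit a systemd .socket unit for a missing or permissive SocketMode=.
SYSTEMD_DEFAULT_SOCKET_MODE = 0o666  # applied when SocketMode= is absent, per systemd.socket(5)

def explicit_socket_mode(unit_text):
    """Return the last SocketMode= in the [Socket] section as an int, or None if unset."""
    section, mode = None, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section == "Socket" and sep and key.strip() == "SocketMode":
            value = value.strip()
            # Assumption of this example: an empty assignment counts as "unset".
            mode = int(value, 8) if value else None
    return mode

def audit_socket_unit(unit_text):
    """Return (effective_mode, findings) for one socket unit's text."""
    explicit = explicit_socket_mode(unit_text)
    effective = SYSTEMD_DEFAULT_SOCKET_MODE if explicit is None else explicit
    findings = []
    if explicit is None:
        findings.append("SocketMode= not set, default 0666 applies")
    if effective & 0o007:
        findings.append("mode %04o grants permissions to 'other' users" % effective)
    return effective, findings

# Constructed sample units (not copied from any libvirt package).
SAMPLE_WITHOUT_MODE = """\
[Unit]
Description=Constructed admin socket sample

[Socket]
ListenStream=/run/example/admin-sock
Service=example.service
"""
SAMPLE_WITH_MODE = SAMPLE_WITHOUT_MODE + "SocketMode=0600\n"  # 0600 is an assumed restrictive value

if __name__ == "__main__":
    for name, text in (("without SocketMode", SAMPLE_WITHOUT_MODE),
                       ("with SocketMode=0600", SAMPLE_WITH_MODE)):
        mode, findings = audit_socket_unit(text)
        print("%s: effective mode %04o, findings: %s" % (name, mode, findings or "none"))
```

On a host, pass the contents of the two socket unit files named in the bulletin to `audit_socket_unit`.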


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3886)

The vulnerability allows a remote attacker to gain access to sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists because the application allows clients with read-only permissions to invoke APIs that depend on the guest agent. A remote non-authenticated attacker can gain access to sensitive information or perform a denial of service attack.


Remediation

Install the update from the vendor's website.