PublicDateAtUSN: 2019-06-20 Candidate: CVE-2019-10167 PublicDate: 2019-08-02 13:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10167 https://rhn.redhat.com/errata/RHSA-2019-1579.html https://access.redhat.com/libvirt-privesc-vulnerabilities https://security.libvirt.org/2019/0006.html https://ubuntu.com/security/notices/USN-4047-1 Description: The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Ubuntu-Description: Notes: Bugs: Priority: medium Discovered-by: Ján Tomko Assigned-to: mdeslaur CVSS: nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] Patches_libvirt: upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26 (5.4) upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=58f237d696310f3ac62e98b3b5e9cb98e13064e9 (5.0) upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=93edb0ea630556569320de83d45b100718f1391f (4.6) upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=585be8edbef5ce4ef30e6c20386358ca1ba8e344 (4.1) upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=be5d96d547ec54bc35e5eab6472ec900184ae837 (1.3.1) upstream_libvirt: needs-triage precise/esm_libvirt: not-affected trusty_libvirt: ignored (out of standard support) trusty/esm_libvirt: not-affected xenial_libvirt: released (1.3.1-1ubuntu10.27) esm-infra/xenial_libvirt: released (1.3.1-1ubuntu10.27) bionic_libvirt: released (4.0.0-1ubuntu8.12) cosmic_libvirt: released (4.6.0-2ubuntu3.8) disco_libvirt: released (5.0.0-1ubuntu2.4) eoan_libvirt: released (5.4.0-0ubuntu3) devel_libvirt: released (5.4.0-0ubuntu3)