CVE-2019-3886

Priority
Description
An incorrect permissions check was discovered in libvirt 4.8.0 and above.
The readonly permission was allowed to invoke APIs depending on the guest
agent, which could lead to potentially disclosing unintended information or
denial of service by causing libvirt to block.
Notes
 mdeslaur> only a DoS, no information disclosure
Assigned-to
mdeslaur
Package
Upstream:released (5.0.0-2)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1ubuntu2.3)
Ubuntu 19.10 (Eoan):released (5.4.0-0ubuntu1)
Patches:
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=ae076bb40e0e150aef41361b64001138d04d6c60
More Information

Updated: 2019-06-19 18:14:29 UTC (commit 837e440be10812bfd807c193b0c8f06ee3a3c57b)