libvirt-4.5.0-10.el7.12
エラータID: AXSA:2019-3912:08
リリース日:
2019/06/20 Thursday - 17:01
題名:
libvirt-4.5.0-10.el7.12
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2019-10161, CVE-2019-10166, CVE-2019-10167,
CVE-2019-10168 の情報が公開されておりません。CVE の情報が公開
され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-10161
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
CVE-2019-10167
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10168
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
追加情報:
N/A
ダウンロード:
SRPMS
- libvirt-4.5.0-10.el7.12.src.rpm
MD5: 18d5e980730b4e7007f5ad78b6880d72
SHA-256: 7e8c80e8dbe82309aacbcfb08c6d187f9e61a34f5507e3477dd3bf7c00856127
Size: 14.58 MB
Asianux Server 7 for x86_64
- libvirt-4.5.0-10.el7.12.x86_64.rpm
MD5: 6b56cdfd0b5b8a185a1394ebff246093
SHA-256: bbf6819778c9eab582e68d75a6f45c8037f51129dfb83b2fdfca90e33c2a647d
Size: 184.63 kB - libvirt-bash-completion-4.5.0-10.el7.12.x86_64.rpm
MD5: 1ebb35c78216a45d6e63c62cfa08bc8a
SHA-256: 17e01761d34e567a545724a6c4f537aac5778a05d4364765a69be0c28a2fc592
Size: 184.99 kB - libvirt-client-4.5.0-10.el7.12.x86_64.rpm
MD5: 3e25776dc4d10e4ccde8f0a51005007c
SHA-256: 544714d7e7e2ff6fa153a5b7f8493bb64fa15fd1940a2403b06d907651d6a34b
Size: 481.19 kB - libvirt-daemon-4.5.0-10.el7.12.x86_64.rpm
MD5: 5e192e008f2775858f6f7655faf7d300
SHA-256: c847b24674538a1569de6208b811692e8e58d5c8e5814206de6a87351c68f805
Size: 829.17 kB - libvirt-daemon-config-network-4.5.0-10.el7.12.x86_64.rpm
MD5: fb3da93ce9ab9ec055258175cfd06bf5
SHA-256: 626f6333001b9669b86a9c8a0278e2f413c27fee53c62a274c045a1b9303f965
Size: 185.92 kB - libvirt-daemon-config-nwfilter-4.5.0-10.el7.12.x86_64.rpm
MD5: ce14854b11ffb4c3d0a95bbaae4a96ed
SHA-256: 2c9a08c7284685f3242c5fc24ed6f4a4071949a450676105ad29167bbc5e799a
Size: 191.57 kB - libvirt-daemon-driver-interface-4.5.0-10.el7.12.x86_64.rpm
MD5: c3f6b033d1293432a7bae1f8dc078ac3
SHA-256: bbb20bb2890ec9ae29ae8286edd60e74cf986ef0243a97706d95a833ca616e58
Size: 223.71 kB - libvirt-daemon-driver-lxc-4.5.0-10.el7.12.x86_64.rpm
MD5: fc4037845e42f7181e0bc77f5d00e88a
SHA-256: d17451d9e129dce0c70c2e3c811ec0479494894ef6da4c147145062675b9ba2e
Size: 316.81 kB - libvirt-daemon-driver-network-4.5.0-10.el7.12.x86_64.rpm
MD5: 72c6a909450e10a27ef56ebb80974ca5
SHA-256: c3be606b1bc48512abb0bca7481535f57b68543d4580a92bf83e8e76dbc6e1a0
Size: 397.21 kB - libvirt-daemon-driver-nodedev-4.5.0-10.el7.12.x86_64.rpm
MD5: 6d52e1d8fa50805a539dccefecac5aa2
SHA-256: 80e8bd64d38f1131745ca826691647ca43930141cfb66e7f160676e3407ab115
Size: 223.16 kB - libvirt-daemon-driver-nwfilter-4.5.0-10.el7.12.x86_64.rpm
MD5: 9aa006c1ac7997e924e8213a36e4a4a3
SHA-256: 9c6fb7f5d49d23ec5bc500db9f0228f9316b16455736cd1d7c838fb5062af2a6
Size: 246.96 kB - libvirt-daemon-driver-qemu-4.5.0-10.el7.12.x86_64.rpm
MD5: 2c5fa5a679b1b52348384da27c1cdc79
SHA-256: 181c15a6790a4d171aed672d09a925f83f455ede886f4d3d3651be727d3e1353
Size: 734.02 kB - libvirt-daemon-driver-secret-4.5.0-10.el7.12.x86_64.rpm
MD5: b20496a06438639362df33a90cfd18eb
SHA-256: eab01c88565312cd5d80845f53f1bbd1cf749354a09edf177968d69a170703b5
Size: 213.35 kB - libvirt-daemon-driver-storage-4.5.0-10.el7.12.x86_64.rpm
MD5: ff248d787a55f76514aec5b93057e021
SHA-256: a7f14f0d478a1ff9e9258b79b114bad7372c4ddd6dad2c0ca181465192904d5a
Size: 183.99 kB - libvirt-daemon-driver-storage-core-4.5.0-10.el7.12.x86_64.rpm
MD5: a135360e897eaec31aadc8deeffacb6f
SHA-256: 0b1040776c19438eb244cdda400457503ef0579e47e341e1ac157f955332cdf3
Size: 421.43 kB - libvirt-daemon-driver-storage-disk-4.5.0-10.el7.12.x86_64.rpm
MD5: a663dbaccc5a6efa82ec71caf5521e3a
SHA-256: 05752eb86de14461ef17084f0d21f807eff6ae20e46610504225751924781555
Size: 214.78 kB - libvirt-daemon-driver-storage-gluster-4.5.0-10.el7.12.x86_64.rpm
MD5: 4537c7b7caeb83bd9bf6a2a1ee5d94da
SHA-256: 3286b1f6a1ddc47b9549933fd7bec48dd251693a4b4dca40d1c64f31592dec9f
Size: 222.69 kB - libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.12.x86_64.rpm
MD5: a4edf48fdf4b0205ec10b6874799a843
SHA-256: e514c58f296876bcb0980f9586aa4eb8b77729111d99d9046f8ed0fc10534de3
Size: 212.33 kB - libvirt-daemon-driver-storage-logical-4.5.0-10.el7.12.x86_64.rpm
MD5: 387d6e65a78465e9c1fcc3206dc747ca
SHA-256: bd4ce2ebd8dc0bb3d118b3234aa88f12597a534ebe0498c5bc644efb31406675
Size: 215.86 kB - libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.12.x86_64.rpm
MD5: 40bb58ba865f07fa490d80bf687f13b0
SHA-256: f0b6c0bc530c4fab7b0c56546d8f22cc1634b438beea605f4b5b1105fcfbbe74
Size: 210.78 kB - libvirt-daemon-driver-storage-rbd-4.5.0-10.el7.12.x86_64.rpm
MD5: 4d602c5a23d43149cd40a5483fc12ff1
SHA-256: e15da819167dc130434ac8661122bd7e1f88926b389bbd0f534233320d4a2303
Size: 217.64 kB - libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.12.x86_64.rpm
MD5: 04deaa9cd3e5dcb93d2ac164ae0bec5a
SHA-256: 46ab564cf9887fff5c0edcd0dcdcfde8d8d38b5c97b3daa8a9dacce09c9b4df2
Size: 212.29 kB - libvirt-daemon-kvm-4.5.0-10.el7.12.x86_64.rpm
MD5: 2fc911ba5baa6cfc482da7cb82b4fb8d
SHA-256: edf593652046c8e7cea599fd8e920bae3bda20fe5a4600fe8ab4f94ca675f57f
Size: 183.87 kB - libvirt-devel-4.5.0-10.el7.12.x86_64.rpm
MD5: b20a493f0b39b3055d7d36cf769c5c05
SHA-256: cc2cc46f5783824ea58d69fad4623713df177221104e3ff241bb6a71ca0e23e2
Size: 344.53 kB - libvirt-docs-4.5.0-10.el7.12.x86_64.rpm
MD5: ff70cbfa76527b9d3056fe3c9f0b4bd7
SHA-256: f96f444bd2d302cfbbdaa06cfd0cf7fbe13e54f664a72313b56bd9ef0cae112a
Size: 5.32 MB - libvirt-libs-4.5.0-10.el7.12.x86_64.rpm
MD5: 8dcc17de9b2ee5c7af107415fc5fa53f
SHA-256: 4c1a2d475719aa4c6a079f7cf835d26b6c00ebd6f1deee75764b6da922eccfe0
Size: 4.16 MB - libvirt-client-4.5.0-10.el7.12.i686.rpm
MD5: cee8b2ac35388ba650d3ba9e6b16753f
SHA-256: 23aa9b736410d1ff12adfd769e2ad6a8f5a6fb493043d0c24ad7f12272399574
Size: 468.98 kB - libvirt-devel-4.5.0-10.el7.12.i686.rpm
MD5: 068a07459fa29a8cc813d74a0e0b1427
SHA-256: 12a7ebfcd9b9970ebe88b1557f3b0d6387d655c341dbeda18d5338fdba07cf56
Size: 344.54 kB - libvirt-libs-4.5.0-10.el7.12.i686.rpm
MD5: 1f0f79513a4b558786c3a0bd70bf2927
SHA-256: e7b436d075c95d279445bb55b06828cf042a118c7b236fd6332f0da7213034d3
Size: 4.15 MB
English