USN-4047-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-4047-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4047-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4047-2

Related

Published

2020-01-13T14:12:22.724170Z

Modified

2020-01-13T14:12:22.724170Z

Summary

libvirt vulnerability

Details

USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.

References

Affected packages

Ubuntu:14.04:LTS / libvirt

Package

Name: libvirt
Purl: pkg:deb/ubuntu/libvirt?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-0ubuntu13.1.28+esm1

Affected versions

1.*

1.1.1-0ubuntu8

1.1.1-0ubuntu9

1.1.4-0ubuntu2

1.1.4-0ubuntu3

1.1.4-0ubuntu4

1.1.4-0ubuntu5

1.2.0-0ubuntu1

1.2.0-0ubuntu2

1.2.0-0ubuntu3

1.2.1-0ubuntu1

1.2.1-0ubuntu2

1.2.1-0ubuntu3

1.2.1-0ubuntu4

1.2.1-0ubuntu5

1.2.1-0ubuntu7

1.2.1-0ubuntu8

1.2.1-0ubuntu9

1.2.1-0ubuntu10

1.2.2-0ubuntu1

1.2.2-0ubuntu2

1.2.2-0ubuntu3

1.2.2-0ubuntu4

1.2.2-0ubuntu5

1.2.2-0ubuntu6

1.2.2-0ubuntu7

1.2.2-0ubuntu8

1.2.2-0ubuntu9

1.2.2-0ubuntu10

1.2.2-0ubuntu11

1.2.2-0ubuntu12

1.2.2-0ubuntu13

1.2.2-0ubuntu13.1

1.2.2-0ubuntu13.1.1

1.2.2-0ubuntu13.1.2

1.2.2-0ubuntu13.1.4

1.2.2-0ubuntu13.1.5

1.2.2-0ubuntu13.1.6

1.2.2-0ubuntu13.1.7

1.2.2-0ubuntu13.1.8

1.2.2-0ubuntu13.1.9

1.2.2-0ubuntu13.1.10

1.2.2-0ubuntu13.1.12

1.2.2-0ubuntu13.1.14

1.2.2-0ubuntu13.1.16

1.2.2-0ubuntu13.1.17

1.2.2-0ubuntu13.1.20

1.2.2-0ubuntu13.1.21

1.2.2-0ubuntu13.1.22

1.2.2-0ubuntu13.1.23

1.2.2-0ubuntu13.1.25

1.2.2-0ubuntu13.1.26

1.2.2-0ubuntu13.1.27

1.2.2-0ubuntu13.1.28

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.2.2-0ubuntu13.1.28+esm1",
            "binary_name": "libvirt0"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.28+esm1",
            "binary_name": "libvirt-dev"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.28+esm1",
            "binary_name": "libvirt-doc"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.28+esm1",
            "binary_name": "libvirt-bin"
        }
    ]
}