USN-4047-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-4047-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4047-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4047-2
Related
Published
2020-01-13T14:12:22.724170Z
Modified
2020-01-13T14:12:22.724170Z
Summary
libvirt vulnerability
Details

USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libvirt

Package

Name
libvirt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2-0ubuntu13.1.28+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libvirt-dev": "1.2.2-0ubuntu13.1.28+esm1",
            "libvirt-doc": "1.2.2-0ubuntu13.1.28+esm1",
            "libvirt0": "1.2.2-0ubuntu13.1.28+esm1",
            "libvirt-bin": "1.2.2-0ubuntu13.1.28+esm1"
        }
    ]
}