USN-4047-1
- Source
- https://ubuntu.com/security/notices/USN-4047-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4047-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-4047-1
- Upstream
- Related
- Published
- 2019-07-08T11:38:02.998511Z
- Modified
- 2025-10-13T04:34:51Z
- Summary
- libvirt vulnerabilities
- Details
-
Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.
- References
Affected packages
Ubuntu:16.04:LTS / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/ubuntu/libvirt@1.3.1-1ubuntu10.27?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.1-1ubuntu10.27
Affected versions
1.*
1.2.16-2ubuntu11
1.2.16-2ubuntu12
1.2.16-2ubuntu13
1.2.16-2ubuntu14
1.2.21-2ubuntu1
1.2.21-2ubuntu3
1.2.21-2ubuntu4
1.2.21-2ubuntu5
1.2.21-2ubuntu7
1.2.21-2ubuntu8
1.2.21-2ubuntu9
1.2.21-2ubuntu10
1.3.1-1ubuntu1
1.3.1-1ubuntu2
1.3.1-1ubuntu3
1.3.1-1ubuntu4
1.3.1-1ubuntu6
1.3.1-1ubuntu9
1.3.1-1ubuntu10
1.3.1-1ubuntu10.1
1.3.1-1ubuntu10.2
1.3.1-1ubuntu10.3
1.3.1-1ubuntu10.5
1.3.1-1ubuntu10.6
1.3.1-1ubuntu10.7
1.3.1-1ubuntu10.8
1.3.1-1ubuntu10.10
1.3.1-1ubuntu10.11
1.3.1-1ubuntu10.12
1.3.1-1ubuntu10.13
1.3.1-1ubuntu10.14
1.3.1-1ubuntu10.15
1.3.1-1ubuntu10.17
1.3.1-1ubuntu10.18
1.3.1-1ubuntu10.19
1.3.1-1ubuntu10.21
1.3.1-1ubuntu10.22
1.3.1-1ubuntu10.23
1.3.1-1ubuntu10.24
1.3.1-1ubuntu10.25
1.3.1-1ubuntu10.26
Ecosystem specific
{
"binaries": [
{
"binary_name": "libvirt-bin",
"binary_version": "1.3.1-1ubuntu10.27"
},
{
"binary_name": "libvirt-dev",
"binary_version": "1.3.1-1ubuntu10.27"
},
{
"binary_name": "libvirt0",
"binary_version": "1.3.1-1ubuntu10.27"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:16.04:LTS",
"cves": [
{
"id": "CVE-2019-10161",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-10167",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:18.04:LTS / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/ubuntu/libvirt@4.0.0-1ubuntu8.12?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.0-1ubuntu8.12
Affected versions
3.*
3.6.0-1ubuntu5
3.6.0-1ubuntu6
4.*
4.0.0-1ubuntu1
4.0.0-1ubuntu2
4.0.0-1ubuntu3
4.0.0-1ubuntu4
4.0.0-1ubuntu5
4.0.0-1ubuntu6
4.0.0-1ubuntu7
4.0.0-1ubuntu8
4.0.0-1ubuntu8.1
4.0.0-1ubuntu8.2
4.0.0-1ubuntu8.3
4.0.0-1ubuntu8.4
4.0.0-1ubuntu8.5
4.0.0-1ubuntu8.6
4.0.0-1ubuntu8.7
4.0.0-1ubuntu8.8
4.0.0-1ubuntu8.9
4.0.0-1ubuntu8.10
4.0.0-1ubuntu8.11
Ecosystem specific
{
"binaries": [
{
"binary_name": "libnss-libvirt",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-bin",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-clients",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-daemon",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-daemon-driver-storage-gluster",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-daemon-driver-storage-rbd",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-daemon-driver-storage-sheepdog",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-daemon-driver-storage-zfs",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-daemon-system",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-dev",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-sanlock",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt-wireshark",
"binary_version": "4.0.0-1ubuntu8.12"
},
{
"binary_name": "libvirt0",
"binary_version": "4.0.0-1ubuntu8.12"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:18.04:LTS",
"cves": [
{
"id": "CVE-2019-10161",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-10166",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-10167",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}