Hi, On Thu, Apr 04, 2019 at 10:30:14PM +0200, Salvatore Bonaccorso wrote: > Source: libvirt > Version: 5.0.0-1 > Severity: important > Tags: security upstream > Forwarded: > https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html > > Hi, > > The following vulnerability was published for libvirt. > > CVE-2019-3886[0]: > | An incorrect permissions check was discovered in libvirt 4.8.0 and > | above. The readonly permission was allowed to invoke APIs depending on > | the guest agent, which could lead to potentially disclosing unintended > | information or denial of service by causing libvirt to block. > > I'm filling it here as well for ruther investigation. Is this only > affecting versions >= 4.8.0?
I'd assume this to affect older version as well (looking at the fix). I'll prepare an upload once upstream has this in git. -- Guido
