CVE-2019-10166

Se detectó que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, permitiría a los clientes de solo lectura utilizar la API de la función virDomainManagedSaveDefineXML(), lo que les permitiría modificar archivos de estado managed save. Si un managed save ya ha sido creado por un usuario privilegiado, un atacante local podría modificar este archivo de manera que libvirtd ejecutaría un programa arbitrario cuando el dominio esté reanudado.

It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

An update that fixes four vulnerabilities is now available. This update for libvirt fixes the following issues. Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd. Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries. Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators. Fixed an issue with virConnect*HypervisorCPU API which could have been used to execute arbitrary emulators. This update was imported from the SUSE:SLE-15-SP1:Update update project.