Alpine: multiple libvirt packages: security update to 5.4.0-r0 (deprecated)

high Tenable Cloud Security Plugin ID 400479

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the
virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the
permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to
probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary
programs. (CVE-2019-10161)

- It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit
readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed
save state files. If a managed save had already been created by a privileged user, a local attacker could
modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
(CVE-2019-10166)

- The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1,
accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19,
libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an
arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own
privileges. (CVE-2019-10167)

- The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before
4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation
for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-
only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted
executable with its own privileges. (CVE-2019-10168)

See Also

https://git.alpinelinux.org/aports/commit/?id=2d0114c907c5b85d78a75d70bd60c5544ed8eedb

https://git.alpinelinux.org/aports/commit/?id=ef58606ac252ef8b314a198f03f66cb9021a5d94

Plugin Details

Severity: High

ID: 400479

Version: Revision 1.29

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-10161

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-10168

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 7/3/2019

Vulnerability Publication Date: 6/20/2019

Reference Information

CVE: CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168

BID: 108871, 109057