Alpine: multiple libvirt packages: security update to 5.5.0-r0

high Tenable Self-Hosted Container Security Plugin ID 405350

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the
virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the
permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to
probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary
programs. (CVE-2019-10161)

- It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit
readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed
save state files. If a managed save had already been created by a privileged user, a local attacker could
modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
(CVE-2019-10166)

- The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1,
accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19,
libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an
arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own
privileges. (CVE-2019-10167)

- The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before
4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation
for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-
only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted
executable with its own privileges. (CVE-2019-10168)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-10161

https://security.alpinelinux.org/vuln/CVE-2019-10166

https://security.alpinelinux.org/vuln/CVE-2019-10167

https://security.alpinelinux.org/vuln/CVE-2019-10168

Plugin Details

Severity: High

ID: 405350

Version: Revision 1.32

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-10161

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-10168

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/20/2019

Reference Information

CVE: CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168

BID: 108871, 109057