Errata overview
Errata ID 539
Date 2019-06-26
Source package libvirt
Fixed in version 3.0.0-4+deb9u4A~4.3.4.201906241341
Description 
This update addresses the following issues:
* Arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
  (CVE-2019-10161)
* Arbitrary command execution via virConnectGetDomainCapabilities API
  (CVE-2019-10167)
Additional notes
CVE ID CVE-2019-10161
CVE-2019-10167
UCS Bug number #49717