Errata overview
Errata ID 159
Date 2019-06-26
Source package libvirt
Fixed in version 3.0.0-4+deb9u4A~4.4.0.201906241311
Description 
This update addresses the following issues:
* Arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
  (CVE-2019-10161)
* Arbitrary command execution via virConnectGetDomainCapabilities API
  (CVE-2019-10167)
Additional notes
CVE ID CVE-2019-10161
CVE-2019-10167
UCS Bug number #49710