Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201202-07 (libvirt)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71182

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201202-07 (libvirt)

Resumen: The remote host is missing updates announced in;advisory GLSA 201202-07.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 201202-07.

Vulnerability Insight:
Multiple vulnerabilities were found in libvirt, the worst of which
might allow guest OS users to read arbitrary files on the host OS.

Solution:
All libvirt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/libvirt-0.9.3-r1'

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1146
1025262
http://www.securitytracker.com/id?1025262
43670
http://secunia.com/advisories/43670
43780
http://secunia.com/advisories/43780
43897
http://secunia.com/advisories/43897
43917
http://secunia.com/advisories/43917
44069
http://secunia.com/advisories/44069
46820
http://www.securityfocus.com/bid/46820
ADV-2011-0694
http://www.vupen.com/english/advisories/2011/0694
ADV-2011-0700
http://www.vupen.com/english/advisories/2011/0700
ADV-2011-0794
http://www.vupen.com/english/advisories/2011/0794
ADV-2011-0805
http://www.vupen.com/english/advisories/2011/0805
DSA-2194
http://www.debian.org/security/2011/dsa-2194
FEDORA-2011-3286
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html
RHSA-2011:0391
http://www.redhat.com/support/errata/RHSA-2011-0391.html
USN-1094-1
http://www.ubuntu.com/usn/USN-1094-1
[oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection
http://openwall.com/lists/oss-security/2011/03/09/3
[oss-security] 20110310 Re: CVE request: libvirt: several API calls do not honour read-only connection
http://openwall.com/lists/oss-security/2011/03/10/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3
https://bugzilla.novell.com/show_bug.cgi?id=678406
https://bugzilla.redhat.com/show_bug.cgi?id=683650
libvirt-apicalls-dos(66012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66012
openSUSE-SU-2011:0311
http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1486
1025477
http://securitytracker.com/id?1025477
44459
http://secunia.com/advisories/44459
47148
http://www.securityfocus.com/bid/47148
DSA-2280
http://www.debian.org/security/2011/dsa-2280
RHSA-2011:0478
http://www.redhat.com/support/errata/RHSA-2011-0478.html
RHSA-2011:0479
http://www.redhat.com/support/errata/RHSA-2011-0479.html
USN-1152-1
http://www.ubuntu.com/usn/USN-1152-1
[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe
https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670
http://support.avaya.com/css/P8/documents/100134583
https://bugzilla.redhat.com/show_bug.cgi?id=693391
Common Vulnerability Exposure (CVE) ID: CVE-2011-2178
FEDORA-2011-9091
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
[libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic
https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
http://libvirt.org/news.html
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html
https://bugzilla.redhat.com/show_bug.cgi?id=709769
https://bugzilla.redhat.com/show_bug.cgi?id=709775
openSUSE-SU-2011:0643
http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2511
1025822
http://www.securitytracker.com/id?1025822
45375
http://secunia.com/advisories/45375
45441
http://secunia.com/advisories/45441
45446
http://secunia.com/advisories/45446
FEDORA-2011-9062
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
RHSA-2011:1019
http://www.redhat.com/support/errata/RHSA-2011-1019.html
RHSA-2011:1197
http://www.redhat.com/support/errata/RHSA-2011-1197.html
SUSE-SU-2011:0837
https://hermes.opensuse.org/messages/10027908
USN-1180-1
http://www.ubuntu.com/usn/USN-1180-1
[libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
[oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus
http://www.openwall.com/lists/oss-security/2011/06/28/9
libvirt-virdomaingetvcpus-bo(68271)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68271

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71182
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201202-07 (libvirt)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201202-07.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201202-07. Vulnerability Insight: Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Solution: All libvirt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-0.9.3-r1' CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1146 1025262 http://www.securitytracker.com/id?1025262 43670 http://secunia.com/advisories/43670 43780 http://secunia.com/advisories/43780 43897 http://secunia.com/advisories/43897 43917 http://secunia.com/advisories/43917 44069 http://secunia.com/advisories/44069 46820 http://www.securityfocus.com/bid/46820 ADV-2011-0694 http://www.vupen.com/english/advisories/2011/0694 ADV-2011-0700 http://www.vupen.com/english/advisories/2011/0700 ADV-2011-0794 http://www.vupen.com/english/advisories/2011/0794 ADV-2011-0805 http://www.vupen.com/english/advisories/2011/0805 DSA-2194 http://www.debian.org/security/2011/dsa-2194 FEDORA-2011-3286 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html RHSA-2011:0391 http://www.redhat.com/support/errata/RHSA-2011-0391.html USN-1094-1 http://www.ubuntu.com/usn/USN-1094-1 [oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection http://openwall.com/lists/oss-security/2011/03/09/3 [oss-security] 20110310 Re: CVE request: libvirt: several API calls do not honour read-only connection http://openwall.com/lists/oss-security/2011/03/10/5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3 https://bugzilla.novell.com/show_bug.cgi?id=678406 https://bugzilla.redhat.com/show_bug.cgi?id=683650 libvirt-apicalls-dos(66012) https://exchange.xforce.ibmcloud.com/vulnerabilities/66012 openSUSE-SU-2011:0311 http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2011-1486 1025477 http://securitytracker.com/id?1025477 44459 http://secunia.com/advisories/44459 47148 http://www.securityfocus.com/bid/47148 DSA-2280 http://www.debian.org/security/2011/dsa-2280 RHSA-2011:0478 http://www.redhat.com/support/errata/RHSA-2011-0478.html RHSA-2011:0479 http://www.redhat.com/support/errata/RHSA-2011-0479.html USN-1152-1 http://www.ubuntu.com/usn/USN-1152-1 [libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 http://support.avaya.com/css/P8/documents/100134583 https://bugzilla.redhat.com/show_bug.cgi?id=693391 Common Vulnerability Exposure (CVE) ID: CVE-2011-2178 FEDORA-2011-9091 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html [libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html http://libvirt.org/news.html http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html https://bugzilla.redhat.com/show_bug.cgi?id=709769 https://bugzilla.redhat.com/show_bug.cgi?id=709775 openSUSE-SU-2011:0643 http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2011-2511 1025822 http://www.securitytracker.com/id?1025822 45375 http://secunia.com/advisories/45375 45441 http://secunia.com/advisories/45441 45446 http://secunia.com/advisories/45446 FEDORA-2011-9062 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html RHSA-2011:1019 http://www.redhat.com/support/errata/RHSA-2011-1019.html RHSA-2011:1197 http://www.redhat.com/support/errata/RHSA-2011-1197.html SUSE-SU-2011:0837 https://hermes.opensuse.org/messages/10027908 USN-1180-1 http://www.ubuntu.com/usn/USN-1180-1 [libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html [oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus http://www.openwall.com/lists/oss-security/2011/06/28/9 libvirt-virdomaingetvcpus-bo(68271) https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
Copyright	Copyright (C) 2012 E-Soft Inc.