English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

==========================================================================
Ubuntu Security Notice USN-1152-1
June 16, 2011

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Libvirt could be made to crash or read arbitrary files on the host.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

It was discovered that libvirt did not use thread-safe error reporting. A
remote attacker could exploit this to cause a denial of service via
application crash. (CVE-2011-1486)

Eric Blake discovered that libvirt had an off-by-one error which could
be used to reopen disk probing and bypass the fix for CVE-2010-2238. A
privileged attacker in the guest could exploit this to read arbitrary files
on the host. This issue only affected Ubuntu 11.04. By default, guests are
confined by an AppArmor profile which provided partial protection against
this flaw. (CVE-2011-2178)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  libvirt-bin                     0.8.8-1ubuntu6.2
  libvirt0                        0.8.8-1ubuntu6.2

Ubuntu 10.10:
  libvirt-bin                     0.8.3-1ubuntu18
  libvirt0                        0.8.3-1ubuntu18

Ubuntu 10.04 LTS:
  libvirt-bin                     0.7.5-5ubuntu27.13
  libvirt0                        0.7.5-5ubuntu27.13

In general, a standard system update will make all the necessary changes.

References:
  CVE-2011-1486, CVE-2011-2178

Package Information:
  https://launchpad.net/ubuntu/+source/libvirt/0.8.8-1ubuntu6.2
  https://launchpad.net/ubuntu/+source/libvirt/0.8.3-1ubuntu18
  https://launchpad.net/ubuntu/+source/libvirt/0.7.5-5ubuntu27.13


New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.