Test ID:	1.3.6.1.4.1.25623.1.0.70866
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1152-1 (libvirt-bin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libvirt-bin announced via advisory USN-1152-1. Details: It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. (CVE-2011-1486) Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2011-2178) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libvirt-bin 0.8.8-1ubuntu6.2 libvirt0 0.8.8-1ubuntu6.2 Ubuntu 10.10: libvirt-bin 0.8.3-1ubuntu18 libvirt0 0.8.3-1ubuntu18 Ubuntu 10.04 LTS: libvirt-bin 0.7.5-5ubuntu27.13 libvirt0 0.7.5-5ubuntu27.13 http://www.securityspace.com/smysecure/catid.html?in=USN-1152-1 CVSS Score: 4.4 CVSS Vector: AV:L/AC:H/Au:R/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1486 1025477 http://securitytracker.com/id?1025477 44459 http://secunia.com/advisories/44459 47148 http://www.securityfocus.com/bid/47148 DSA-2280 http://www.debian.org/security/2011/dsa-2280 RHSA-2011:0478 http://www.redhat.com/support/errata/RHSA-2011-0478.html RHSA-2011:0479 http://www.redhat.com/support/errata/RHSA-2011-0479.html USN-1152-1 http://www.ubuntu.com/usn/USN-1152-1 [libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 http://support.avaya.com/css/P8/documents/100134583 https://bugzilla.redhat.com/show_bug.cgi?id=693391 Common Vulnerability Exposure (CVE) ID: CVE-2010-2238 ADV-2010-2763 http://www.vupen.com/english/advisories/2010/2763 FEDORA-2010-10960 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html FEDORA-2010-11021 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html USN-1008-1 http://ubuntu.com/usn/usn-1008-1 USN-1008-2 http://ubuntu.com/usn/usn-1008-2 USN-1008-3 http://ubuntu.com/usn/usn-1008-3 http://libvirt.org/news.html https://bugzilla.redhat.com/show_bug.cgi?id=607811 Common Vulnerability Exposure (CVE) ID: CVE-2011-2178 FEDORA-2011-9091 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html [libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html https://bugzilla.redhat.com/show_bug.cgi?id=709769 https://bugzilla.redhat.com/show_bug.cgi?id=709775 openSUSE-SU-2011:0643 http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.