You are here
Home > Preporuke > Sigurnosni propusti programske biblioteke libvirt

Sigurnosni propusti programske biblioteke libvirt

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2404-1
November 11, 2014

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
– libvirt: Libvirt virtualization toolkit

Details:

Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
(CVE-2014-3657)

Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libvirt-bin 1.2.8-0ubuntu11.1
libvirt0 1.2.8-0ubuntu11.1

Ubuntu 14.04 LTS:
libvirt-bin 1.2.2-0ubuntu13.1.7
libvirt0 1.2.2-0ubuntu13.1.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2404-1
CVE-2014-3657, CVE-2014-7823

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/1.2.8-0ubuntu11.1
https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.7

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUYj9tAAoJEGVp2FWnRL6T96wP/A7CiaKYTklNqpEd6pOJpjf1
BTUMZ6cVITNzbvFSb/MbBdVEe4Dzp3mPmrlEBQVUDQtinFqjx9+6Ji1oBPhYimkf
Fi5Q7DtuDpf0eFe+rropJLdth4DbM5Y5YaY6Znsn/oA/3O418ox+wHM8XRaE6uKr
2FGNiAMvO88gXaaDSkSM4MGr/crYLUfclOLKdow+Sz923woCfWJ0Bh+LvpEOaoXD
vBQFntwJCw19ssyHkWEOzykvDmur7SJWwH3tne8x0i+Z7fB5p2zHPQU9BXKZqvW4
lsTVPJgqwN7yYEFyOr3WoTHD56nlE+M7FS0FjqJJuGiMacuKniyBG79rF7ZABwSZ
92RL2+AfuohV54697BwkBD84l80UU5rm8CDpwZah2MHkWgpjYrb5Vn18ChJPTLTY
sM+M+MkmfCRjmF8ttA8+QbJ2Gt3uFp6lHF4m5AmCVBJ25UGm2dUly8v52o5DoJf8
D5f0JPCay7CqVm1mCa5YCuriS8kN8Xn8w6JADC+Tjt/EZf8fZfesqY1u6n1aOXrU
bHfWRLWZjhB289N2LzGSHBwidbhpIIUwhCQ+WPBBzsgG+f6c/vQgz3ydZgsEmU5Y
XO9hS/VjyzzVMdaT5ZDeeEwVEtccrB64LhwH21odjYY9kD0b+wDe5UMFYMBfjWdb
tcmXYZOyFQRiN2XxVba/
=lK4C
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-11-0016-ADV
CveCVE-2014-3657 CVE-2014-7823
ID izvornikaUSN-2404-1
Proizvodlibvirt
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Microsoft .NET Framework

Otkriven je sigurnosni nedostatak u programskom paketu Microsoft .NET Framework. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti. Svim korisnicima...

Close