Ubuntu Security Notice 1954-1 - It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. Various other issues were also addressed.
59ff3bfce1b5160cbf39adc5e7dbd353a7a26360a5e79205fa96bcdf56cace17============================================================================
Ubuntu Security Notice USN-1954-1
September 18, 2013
libvirt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in libvirt.
Software Description:
- libvirt: Libvirt virtualization toolkit
Details:
It was discovered that libvirt used the pkcheck tool in an unsafe manner. A
local attacker could possibly use this flaw to bypass polkit
authentication. In Ubuntu, libvirt polkit authentication is not enabled by
default. (CVE-2013-4311)
It was discovered that libvirt incorrectly handled certain memory stats
requests. A remote attacker could use this issue to cause libvirt to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. (CVE-2013-4296)
It was discovered that libvirt incorrectly handled certain bitmap
operations. A remote attacker could use this issue to cause libvirt to
crash, resulting in a denial of service. This issue only affected Ubuntu
13.04. (CVE-2013-5651)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
libvirt-bin 1.0.2-0ubuntu11.13.04.4
libvirt0 1.0.2-0ubuntu11.13.04.4
Ubuntu 12.10:
libvirt-bin 0.9.13-0ubuntu12.5
libvirt0 0.9.13-0ubuntu12.5
Ubuntu 12.04 LTS:
libvirt-bin 0.9.8-2ubuntu17.13
libvirt0 0.9.8-2ubuntu17.13
Ubuntu 10.04 LTS:
libvirt-bin 0.7.5-5ubuntu27.24
libvirt0 0.7.5-5ubuntu27.24
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1954-1
CVE-2013-4296, CVE-2013-4311, CVE-2013-5651
Package Information:
https://launchpad.net/ubuntu/+source/libvirt/1.0.2-0ubuntu11.13.04.4
https://launchpad.net/ubuntu/+source/libvirt/0.9.13-0ubuntu12.5
https://launchpad.net/ubuntu/+source/libvirt/0.9.8-2ubuntu17.13
https://launchpad.net/ubuntu/+source/libvirt/0.7.5-5ubuntu27.24
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed