[SECURITY] [DSA 2194-1] libvirt security update

2011-03-1807:47:49

lists.debian.org

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.075 Low

EPSS

Percentile

94.1%

JSON

Debian Security Advisory DSA-2194-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
March 18, 2011 http://www.debian.org/security/faq

Package : libvirt
Vulnerability : insufficient checks
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1146
Debian Bug : 617773

It was discovered that libvirt, a library for interfacing with different
virtualization systems, did not properly check for read-only connections.
This allowed a local attacker to perform a denial of service (crash) or
possibly escalate privileges.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.8-3.

We recommend that you upgrade your libvirt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6powerpclibvirt0-dbg< 0.8.3-5+squeeze1libvirt0-dbg_0.8.3-5+squeeze1_powerpc.deb
Debian6i386libvirt0-dbg< 0.8.3-5+squeeze1libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
Debian6ia64libvirt-bin< 0.8.3-5+squeeze1libvirt-bin_0.8.3-5+squeeze1_ia64.deb
Debian6mipsellibvirt0< 0.8.3-5+squeeze1libvirt0_0.8.3-5+squeeze1_mipsel.deb
Debian6s390libvirt-bin< 0.8.3-5+squeeze1libvirt-bin_0.8.3-5+squeeze1_s390.deb
Debian6s390python-libvirt< 0.8.3-5+squeeze1python-libvirt_0.8.3-5+squeeze1_s390.deb
Debian6powerpclibvirt0< 0.8.3-5+squeeze1libvirt0_0.8.3-5+squeeze1_powerpc.deb
Debian6ia64libvirt-dev< 0.8.3-5+squeeze1libvirt-dev_0.8.3-5+squeeze1_ia64.deb
Debian6ia64libvirt0< 0.8.3-5+squeeze1libvirt0_0.8.3-5+squeeze1_ia64.deb
Debian6amd64libvirt0< 0.8.3-5+squeeze1libvirt0_0.8.3-5+squeeze1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	powerpc	libvirt0-dbg	< 0.8.3-5+squeeze1	libvirt0-dbg_0.8.3-5+squeeze1_powerpc.deb
Debian	6	i386	libvirt0-dbg	< 0.8.3-5+squeeze1	libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
Debian	6	ia64	libvirt-bin	< 0.8.3-5+squeeze1	libvirt-bin_0.8.3-5+squeeze1_ia64.deb
Debian	6	mipsel	libvirt0	< 0.8.3-5+squeeze1	libvirt0_0.8.3-5+squeeze1_mipsel.deb
Debian	6	s390	libvirt-bin	< 0.8.3-5+squeeze1	libvirt-bin_0.8.3-5+squeeze1_s390.deb
Debian	6	s390	python-libvirt	< 0.8.3-5+squeeze1	python-libvirt_0.8.3-5+squeeze1_s390.deb
Debian	6	powerpc	libvirt0	< 0.8.3-5+squeeze1	libvirt0_0.8.3-5+squeeze1_powerpc.deb
Debian	6	ia64	libvirt-dev	< 0.8.3-5+squeeze1	libvirt-dev_0.8.3-5+squeeze1_ia64.deb
Debian	6	ia64	libvirt0	< 0.8.3-5+squeeze1	libvirt0_0.8.3-5+squeeze1_ia64.deb
Debian	6	amd64	libvirt0	< 0.8.3-5+squeeze1	libvirt0_0.8.3-5+squeeze1_amd64.deb