==========================================================================
Ubuntu Security Notice USN-2209-1
May 07, 2014
libvirt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
Summary:
Several security issues were fixed in libvirt.
Software Description:
– libvirt: Libvirt virtualization toolkit
Details:
It was discovered that libvirt incorrectly handled symlinks when using the
LXC driver. An attacker could possibly use this issue to delete host
devices, create arbitrary nodes, and shutdown or power off the host.
(CVE-2013-6456)
Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE
migrations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2013-7336)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libvirt-bin 1.1.1-0ubuntu8.11
libvirt0 1.1.1-0ubuntu8.11
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2209-1
CVE-2013-6456, CVE-2013-7336
Package Information:
https://launchpad.net/ubuntu/+source/libvirt/1.1.1-0ubuntu8.11
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTanemAAoJEGVp2FWnRL6TDMwP/1zUETkUkvfhLYEuyKnUmzYM
irtV5AbL/A8CFzG59B81KSVtEF+zd8BVTQG7dnOtoDZHCu/6Mz0ogAd1RR1k7CUZ
nUgJTPnKkWrmeu8dzR9Qm0qzbJ+SVhIcDgNyE6kZhqQmbRt6ot+VqK1m68ip0DUs
MBGwiHjs5eOrxbYPMPzGW1AK04ZSQuL0MZ7JP3cDPSdwVrC9x1i15uc4iwy2Nwcz
Y7d0IYLrXF51FsI7LEoVUcjKBHTc4lAlJPMhjk2sFdsivZB7jpkXH4RDoxyj8YFS
OjYc626Ar0C1Ghn7/fxb2ZH0I9i2OQIJ5ikCDRaCmTXIoSWKCXJ8jAwcy1KQ8sx3
Cez8mFzsAI/l07OE35E0wiiXMdFrbt2lmyZ2UFVTf2gcMfWhSadzJJgOMqlqdRMB
llFU0NdWBrhjIa27ivtI2gzwfiYBHCVBgs3cv3MV00xKAJIfQQlVuGVFo8zVL1UK
aMane/HgPC27tJeyyBfXEMT5YEbvKUDyd+D1hbfstysEYws2LGNe56WHko5lX62S
JQW3T30IiLlklom4kuOOKDuE4vk2xl92SiMv/N++Nl/saiqZbsxz71ZNtqHdn25R
OrdIeWMQ5btK0eenosdvuO9baW5FCxgYGl/I/aY5w6GnhtoNW5moTl6nrmUIrOsm
ifANEUtCK708cQ3UYG1f
=QYmM
—–END PGP SIGNATURE—–
—