Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-1094-1] Libvirt vulnerability
From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 29 Mar 2011 11:44:56 -0500

===========================================================
Ubuntu Security Notice USN-1094-1            March 29, 2011
libvirt vulnerability
CVE-2011-1146
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libvirt0                        0.7.0-1ubuntu13.3

Ubuntu 10.04 LTS:
  libvirt0                        0.7.5-5ubuntu27.9

Ubuntu 10.10:
  libvirt0                        0.8.3-1ubuntu14.1

In general, a standard system update will make all the necessary changes.

Details follow:

Petr Matousek discovered that libvirt did not always honor read-only
connections. An attacker who is authorized to connect to the libvirt daemon
could exploit this to cause a denial of service via application crash.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0-1ubuntu13.3.diff.gz
      Size/MD5:   745434 18fdae17991560abb61812be87dc69ee
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0-1ubuntu13.3.dsc
      Size/MD5:     2484 81391a8821631250e9ab258d89267770
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0.orig.tar.gz
      Size/MD5:  7914077 8c2c14a7695c9c661004bcfc6468d62d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.0-1ubuntu13.3_all.deb
      Size/MD5:   594392 9590252ba33110c2017aab77a2d21054

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_amd64.deb
      Size/MD5:   403860 d7ca31d566995dad3a7e2d0db0a69bdd
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_amd64.deb
      Size/MD5:   510860 8b17b036119238eb6fa40ae6d082a9cc
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_amd64.deb
      Size/MD5:   823326 472e1e8ce68abc505bea16037ae560d3
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_amd64.deb
      Size/MD5:   412862 0999d15cd3b1f66cf8310089c8af232d
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_amd64.deb
      Size/MD5:    50210 cccd9d1b1fc5d4ba25a1c2016bd615d7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_i386.deb
      Size/MD5:   394958 998a2e6038371ded95448c411c637be9
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_i386.deb
      Size/MD5:   500958 c3de8c97b07b0ca2232ab0e2e5acb386
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_i386.deb
      Size/MD5:   791276 9266cdd6c42b8c662968cf2bd8d251aa
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_i386.deb
      Size/MD5:   405862 e8c137d02d71ad5cd09c75cda439a5af
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_i386.deb
      Size/MD5:    48704 a70fcdac6855f962114910306c74a780

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_armel.deb
      Size/MD5:   396230 01f514fcfd559fdd0daa4a903f3b0d0b
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_armel.deb
      Size/MD5:   328774 477f9ad9224eb90975280463dbc2f114
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_armel.deb
      Size/MD5:   495448 726f94fc230f6e806df88118b07c27fe
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_armel.deb
      Size/MD5:   272502 d60fff17077eb17e575c79b61ab98737
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_armel.deb
      Size/MD5:    44072 5d467c3a8078263c844d523b3c855e0d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_lpia.deb
      Size/MD5:   429326 afe8c7ae1e27c1aa53da7a174c3872cc
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_lpia.deb
      Size/MD5:   344042 8a74f7e16fb3e128d296cc1587b92aaf
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_lpia.deb
      Size/MD5:   492764 160dec1145dcac9c6674795aef001557
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_lpia.deb
      Size/MD5:   295892 6cf27b30911c8f9426d748524ec53ee0
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_lpia.deb
      Size/MD5:    50034 62da87372823c7f25fd3dc66314b5ffc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_powerpc.deb
      Size/MD5:   419834 6d3584a3085c31cdb448c5e92b87231f
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_powerpc.deb
      Size/MD5:   328144 952793d72edc25475de7d7fcb33c1cd7
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_powerpc.deb
      Size/MD5:   511278 d2da73d62b01f792e60eeb3ad261732d
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_powerpc.deb
      Size/MD5:   300540 2952822416edd6d4a1a19a825c78616c
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_powerpc.deb
      Size/MD5:    51412 0ce914f58ca2700fb52f96b1bf6acc6a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_sparc.deb
      Size/MD5:   392312 0e1c821654bed3547755978ed60a98a1
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_sparc.deb
      Size/MD5:   341680 2fe7577c272a6c983172752f9cb40692
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_sparc.deb
      Size/MD5:   461314 be7912ac9a8a81a01fcf79c1ec8360b4
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_sparc.deb
      Size/MD5:   275128 96d18edf5ef6c5f4acc8592ffe70a201
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_sparc.deb
      Size/MD5:    49902 bcb94656f352abc825758ff351580c82

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.9.diff.gz
      Size/MD5:    79590 dbfee62055eef69166bcbae32943868a
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.9.dsc
      Size/MD5:     2636 a43760f77881a106dc6512c6ffcbbf39
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5.orig.tar.gz
      Size/MD5:  9343666 06eedba78d4848cede7ab1a6e48f6df9

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.5-5ubuntu27.9_all.deb
      Size/MD5:   756396 e3a63e1d68ea6152d6f9674c38d91046

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_amd64.deb
      Size/MD5:   597418 e66962022a4c5a62ddbc3a7f449181c8
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_amd64.deb
      Size/MD5:   647348 9744b61b0630fd0f2b543b8f61a4a240
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_amd64.deb
      Size/MD5:  2326460 b227c9a4349297d40e8514310b7daf54
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_amd64.deb
      Size/MD5:   646904 f68fdcbb53151a9c01f34af092fceb6c
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_amd64.deb
      Size/MD5:    57354 6d1814dab3b0c92b86208bb1241cd137

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_i386.deb
      Size/MD5:   580212 b531620d02863818615b319a65fcd792
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_i386.deb
      Size/MD5:   637800 3f73a629abf7a7c36821f87e404da6e9
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_i386.deb
      Size/MD5:  2234636 b9eb02b5e647a8c628a7cb11a5ea5d89
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_i386.deb
      Size/MD5:   639180 52a4b631e3b684a384090f7bbfaaaa5d
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_i386.deb
      Size/MD5:    55768 b160fba16e0a38cc8ff2809402dc3d1e

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_armel.deb
      Size/MD5:   570462 b9d67701834c45d76704aeb447601ce3
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_armel.deb
      Size/MD5:   393384 a7df540122da4e21831e7e935c11043d
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_armel.deb
      Size/MD5:  1890446 61d7ed2ebbddea110bd11cb33f2727e3
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_armel.deb
      Size/MD5:   454310 ba2296a552e2ddd9a4b347e051dc5daf
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_armel.deb
      Size/MD5:    51172 e3aab2e92a1cbc7ae3739b7497746fba

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_powerpc.deb
      Size/MD5:   620986 8df2d72a6b7cb4509cc38d0e5739b946
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_powerpc.deb
      Size/MD5:   408434 cc1b99b08caae417b7a4d2a95bc22adf
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_powerpc.deb
      Size/MD5:  1887760 7262ac20d1d866b49c8227b5d049cec8
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_powerpc.deb
      Size/MD5:   496356 3cbb12e3ca51fff4f23464ca3cdecd65
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_powerpc.deb
      Size/MD5:    59374 af02c87121e54bc82441c711af4e2770

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.8.3-1ubuntu14.1.debian.tar.gz
      Size/MD5:    65778 7322646038b35bc5597d9d16b508f127
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.8.3-1ubuntu14.1.dsc
      Size/MD5:     2669 5da1871457fdee4f8dab0b53132c1669
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.8.3.orig.tar.gz
      Size/MD5: 12430752 ae8535ce119d32a2e9fb1f46e2c8f325

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.8.3-1ubuntu14.1_all.deb
      Size/MD5:   820732 eb9c4c132cc5cbc932a38c1be03f86c9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_amd64.deb
      Size/MD5:   789948 ed41d2c9836d6d30d20c86792123cc93
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_amd64.deb
      Size/MD5:   655932 71c9e1a640228d0e870ae356b1efcd3c
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_amd64.deb
      Size/MD5:  2685230 e0c3aa32688fca82fb46dc1baadd2d0b
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_amd64.deb
      Size/MD5:   566848 bdb51851686e7ebdbe9a5630f4317f2c
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_amd64.deb
      Size/MD5:    66424 fe7739310007e1c42b38398457668e43

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_i386.deb
      Size/MD5:   766740 a6f8646f5e9d7e6846dc70cb6f64b152
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_i386.deb
      Size/MD5:   641296 dc4b5fe33ee7c85401b1fbdd63574544
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_i386.deb
      Size/MD5:  2585322 bfeae234d8a63d64be212901c1fe1e7a
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_i386.deb
      Size/MD5:   553126 bf2eb0e856fdc51e763eb79564f230fb
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_i386.deb
      Size/MD5:    64432 3f1ff9b1134b3cae3e7d863873944253

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_armel.deb
      Size/MD5:   787038 7fa41ca5f9abbc0bbed5943717b0f301
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_armel.deb
      Size/MD5:   537538 b6b01d3f968df770813f7d7fdea3965b
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_armel.deb
      Size/MD5:  2478628 7a7bc6750228de570d6d003fffb5b5a7
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_armel.deb
      Size/MD5:   476782 e37ff729fe77d8eeca63022c9219d773
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_armel.deb
      Size/MD5:    60568 8524aac0e2c5ce018353ccf25eeb4938

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_powerpc.deb
      Size/MD5:   820744 5047a6be2da3646d66aec9041a98e80e
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_powerpc.deb
      Size/MD5:   533026 05b9b6ea37df2b35d14a6015d2a14490
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_powerpc.deb
      Size/MD5:  2474132 0282707b7d664a175be082634eea7bb6
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_powerpc.deb
      Size/MD5:   508594 bb6f546eaa705a7fe6071fa5689b32c5
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_powerpc.deb
      Size/MD5:    68872 fdfbe3eeb22f86730a0ee15f6aaf0c2f



Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-1094-1] Libvirt vulnerability Jamie Strandboge (Mar 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault