drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in libvirt
Name: |
Zwei Probleme in libvirt |
|
ID: |
USN-2209-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 13.10 |
|
Datum: |
Do, 8. Mai 2014, 07:52 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7336 |
|
Applikationen: |
libvirt |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============9122396194134256197== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RJ54GRKNRfloOS58KdmaoH7lPLcAAxjKc"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --RJ54GRKNRfloOS58KdmaoH7lPLcAAxjKc Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2209-1 May 07, 2014
libvirt vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
Summary:
Several security issues were fixed in libvirt.
Software Description: - libvirt: Libvirt virtualization toolkit
Details:
It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456)
Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-7336)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libvirt-bin 1.1.1-0ubuntu8.11 libvirt0 1.1.1-0ubuntu8.11
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2209-1 CVE-2013-6456, CVE-2013-7336
Package Information: https://launchpad.net/ubuntu/+source/libvirt/1.1.1-0ubuntu8.11
--RJ54GRKNRfloOS58KdmaoH7lPLcAAxjKc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTanemAAoJEGVp2FWnRL6TDMwP/1zUETkUkvfhLYEuyKnUmzYM irtV5AbL/A8CFzG59B81KSVtEF+zd8BVTQG7dnOtoDZHCu/6Mz0ogAd1RR1k7CUZ nUgJTPnKkWrmeu8dzR9Qm0qzbJ+SVhIcDgNyE6kZhqQmbRt6ot+VqK1m68ip0DUs MBGwiHjs5eOrxbYPMPzGW1AK04ZSQuL0MZ7JP3cDPSdwVrC9x1i15uc4iwy2Nwcz Y7d0IYLrXF51FsI7LEoVUcjKBHTc4lAlJPMhjk2sFdsivZB7jpkXH4RDoxyj8YFS OjYc626Ar0C1Ghn7/fxb2ZH0I9i2OQIJ5ikCDRaCmTXIoSWKCXJ8jAwcy1KQ8sx3 Cez8mFzsAI/l07OE35E0wiiXMdFrbt2lmyZ2UFVTf2gcMfWhSadzJJgOMqlqdRMB llFU0NdWBrhjIa27ivtI2gzwfiYBHCVBgs3cv3MV00xKAJIfQQlVuGVFo8zVL1UK aMane/HgPC27tJeyyBfXEMT5YEbvKUDyd+D1hbfstysEYws2LGNe56WHko5lX62S JQW3T30IiLlklom4kuOOKDuE4vk2xl92SiMv/N++Nl/saiqZbsxz71ZNtqHdn25R OrdIeWMQ5btK0eenosdvuO9baW5FCxgYGl/I/aY5w6GnhtoNW5moTl6nrmUIrOsm ifANEUtCK708cQ3UYG1f =QYmM -----END PGP SIGNATURE-----
--RJ54GRKNRfloOS58KdmaoH7lPLcAAxjKc--
--===============9122396194134256197== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============9122396194134256197==--
|
|
|
|