drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libvirt
Name: |
Mehrere Probleme in libvirt |
|
ID: |
USN-2867-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.04, Ubuntu 15.10 |
|
Datum: |
Di, 12. Januar 2016, 23:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136 |
|
Applikationen: |
libvirt |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4190063107548556036== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FdLE7iqHogo53jPEaxDxPbnSQDLIX9HW3"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FdLE7iqHogo53jPEaxDxPbnSQDLIX9HW3 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2867-1 January 12, 2016
libvirt vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libvirt.
Software Description: - libvirt: Libvirt virtualization toolkit
Details:
It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-4600)
Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8136)
Luyao Huang discovered that libvirt incorrectly handled VNC passwords in shapshot and image files. A remote authenticated user could use this issue to possibly obtain VNC passwords. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-0236)
Han Han discovered that libvirt incorrectly handled volume creation failure when used with NFS. A remote authenticated user could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-5247)
Ossi Herrala and Joonas Kuorilehto discovered that libvirt incorrectly performed storage pool name validation. A remote authenticated user could use this issue to bypass ACLs and gain access to unintended files. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-5313)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libvirt-bin 1.2.16-2ubuntu11.15.10.2 libvirt0 1.2.16-2ubuntu11.15.10.2
Ubuntu 15.04: libvirt-bin 1.2.12-0ubuntu14.4 libvirt0 1.2.12-0ubuntu14.4
Ubuntu 14.04 LTS: libvirt-bin 1.2.2-0ubuntu13.1.16 libvirt0 1.2.2-0ubuntu13.1.16
Ubuntu 12.04 LTS: libvirt-bin 0.9.8-2ubuntu17.23 libvirt0 0.9.8-2ubuntu17.23
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2867-1 CVE-2011-4600, CVE-2014-8136, CVE-2015-0236, CVE-2015-5247, CVE-2015-5313
Package Information: https://launchpad.net/ubuntu/+source/libvirt/1.2.16-2ubuntu11.15.10.2 https://launchpad.net/ubuntu/+source/libvirt/1.2.12-0ubuntu14.4 https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.16 https://launchpad.net/ubuntu/+source/libvirt/0.9.8-2ubuntu17.23
--FdLE7iqHogo53jPEaxDxPbnSQDLIX9HW3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJWlUNVAAoJEGVp2FWnRL6T/BMQALxBmjLVWzn1Af9tlOLet0IG j0TZo0R1co0z+Wwxc4myC/fgOnGR58ONV2zwGMQkeqtNucNlQFVPYFDiLkm4GSKq mBtu/X2MQhzIAw3XYmMSBrT+M84nPquiEJOtZThePWW9H6Mixgg0fhbLnQOY6PRi 90Xh+rhPU0amSmvueEbVH8iHfCV4hd4S+aZsjDDRoHc174UMIuMobhtEKoR0Wsqr O/dDSbOfsvQhc/vv76QdZ6HWf3iQeFcc/J/G/ldWVRI3GjsmSNb/A4w0VJZkVIm6 JCvRU3g8VXQU+vdGsJyLlNKeujNRX86YMu3eRgslKkyEllJ7wth7wQMRBITRWeks TZu4ijz61lCOJEUjSyCeFo+A7Z39y+a9vIfXL5I6llST51eOesD/dXLGob65PKMI GBiZU7ucmQ2F6JQS/IBjEM+4MqBMglESjhd4KpKAOtHfDPtMnpUUN2nadgAKMEyn zYmWC84EHOLUJty7IHxunf2rSGAv9hV16eZb/aXYtUY1SJ8HTbfoi6rSvgc7DtZf mc2gxH+abHd6rzTxpCJCkGGjUZ9ASFV5d4eHKDxb0tDiuWlpm1ZmPm1VG4qS1wbE zLdN0f5Om+XMs/7Ilh2zkS78lUw5j4HLLeynUs79OU6I9w6RTnZrdFJ80sku8cSZ 8dx2Py+z7XJv2Djtxu5f =AFJ6 -----END PGP SIGNATURE-----
--FdLE7iqHogo53jPEaxDxPbnSQDLIX9HW3--
--===============4190063107548556036== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4190063107548556036==--
|
|
|
|