drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in libvirt
Name: |
Zwei Probleme in libvirt |
|
ID: |
FEDORA-2011-4870 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 13 |
|
Datum: |
Di, 19. April 2011, 08:51 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486 |
|
Applikationen: |
libvirt |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-4870 2011-04-06 21:47:24 ------------------------------------------------------------------------------- -
Name : libvirt Product : Fedora 13 Version : 0.8.2 Release : 6.fc13 URL : http://libvirt.org/ Summary : Library providing a simple API virtualization Description : Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.
------------------------------------------------------------------------------- - Update Information:
Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe Fix specfile to create /var/lib/libvirt with proper permissions. fix a lack of API check on read-only connections this build fix one crash in the the error handling fix a lack of API check on read-only connections
------------------------------------------------------------------------------- - ChangeLog:
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-6 - Add changes to fedora-specific libvirt.spec forgotten in 0.8.2-4 * Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-5 - Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe, bug 693457 * Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.2-4 - fix permissions on /var/lib/libvirt * Wed Mar 16 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-3 - fix one crash in the the error handling for previous patch * Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-2 - Fix for CVE-2011-1146, missing checks on read-only connections bug 683655 * Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-5.fc13 - Add qemu.conf options for audio workaround - Fix parsing certain USB sysfs files (bz 598272) - Sanitize pool target paths (bz 494005) - Add qemu.conf for clear emulator capabilities - Prevent libvirtd inside a VM from breaking network access (bz 235961) - Mention --all in 'virsh list' docs (bz 575512) - Initscript fixes (bz 565238) - List wireless interfaces via nodedev-list (bz 596928) * Tue May 18 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-4.fc13 - Fix nodedev XML conversion errors (bz 591262) - Fix PCI xml decimal parsing (bz 582752) - Fix CDROM media connect/eject (bz 582005) - Always report qemu startup output on error (bz 581381) - Fix crash from 'virsh dominfo' if secdriver disabled (bz 581166) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #693391 - CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe https://bugzilla.redhat.com/show_bug.cgi?id=693391 [ 2 ] Bug #683650 - CVE-2011-1146 libvirt: several API calls do not honour read-only connection https://bugzilla.redhat.com/show_bug.cgi?id=683650 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update libvirt' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|