Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in libvirt
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in libvirt
ID: FEDORA-2013-1642
Distribution: Fedora
Plattformen: Fedora 16
Datum: Fr, 8. Februar 2013, 10:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0170
Applikationen: libvirt

Originalnachricht

Name        : libvirt
Product : Fedora 16
Version : 0.9.6.4
Release : 1.fc16
URL : http://libvirt.org/
Summary : Library providing a simple virtualization API
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.

-------------------------------------------------------------------------------
-
Update Information:

* Rebased to version 0.9.6.4
* CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz
#905173)
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Jan 28 2013 Cole Robinson <crobinso@redhat.com> - 0.9.6.4-1
- Rebased to version 0.9.6.4
- CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz
* Sun Oct 7 2012 Cole Robinson <crobinso@redhat.com> - 0.9.6.3-1
- Rebased to version 0.9.6.3
- CVE-2012-4423 Fix null dereference (bz #857135, bz #857133)
* Mon Aug 13 2012 Cole Robinson <crobinso@redhat.com> - 0.9.6.2-1
- Rebased to version 0.9.6.2
- Fix crash in virTypedParameterArrayClear (bz 844745, bz 844734)
* Fri Jun 15 2012 Cole Robinson <crobinso@redhat.com> - 0.9.6.1-1
- Rebased to version 0.9.6.1
- Emit spice graphics events (bz 784813)
- Add usbredir spice channel (bz 821469)
- Add default spice channel (bz 821474)
- Various stream fixes and improvements (bz 743900)
- Fix state syncing when xen domain shuts down (bz 746007)
- Don't show <console> for xen dom0 (bz 752271)
- Fix selinux denial on /usr/libexec/pt_chown from LXC (bz 785411)
- Don't flood LXC log file (bz 785431)
- Fix several double close bugs (bz 827127)
- Fix PCI assignment for USB2.0 controllers (bz 822160)
* Fri Mar 30 2012 Osier Yang <jyang@redhat.com> - 0.9.6-6
- fix typo in chkconfig commandline for specfile - Bug 786890
* Sun Mar 4 2012 Cole Robinson <crobinso@redhat.com> - 0.9.6-5
- Fix crash when migrating many guests with vdsm (bz 785789)
- Fix libvirtd hang in vmware guest (bz 796451)
- Don't start HAL in init script (bz 789234)
- Fix storage lookup errors with empty lvm pool (bz 782261)
- Fix test failures with new gnutls
* Mon Dec 19 2011 Laine Stump <laine@redhat.com> - 0.9.6-4
- replace "fedora-13" machine type with "pc-0.14" to prepare
systems for removal of "fedora-13" from qemu - Bug 754772
- don't add iptables rules for externally managed networks
- Buf 765964 / CVE-2011-4600
- specfile changes
- Bug 761329 don't use chkconfig --list
- Bug 758896 mark directories in /var/run as ghosts
- Bug 738725 fix logic bug in deciding to turn on cgconfig
- Bug 754909 add dmidecode as a prerequisite
- new async-safe time API + make logging async signal sage wrt.
time stamp generation - Bug 757382 (this required
enabling autoconf during the build)
* Tue Oct 11 2011 Dan Horák <dan[at]danny.cz> - 0.9.6-3
- xenlight available only on Xen arches (#745020)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #893450 - CVE-2013-0170 libvirt: use-after-free in
virNetMessageFree()
https://bugzilla.redhat.com/show_bug.cgi?id=893450
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update libvirt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung