drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafte Zugriffsrechte in libvirt (Aktualisierung)
| Name: |
Fehlerhafte Zugriffsrechte in libvirt (Aktualisierung) |
|
| ID: |
DSA-2650-2 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian squeeze |
|
| Datum: |
Mo, 18. März 2013, 08:05 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766 |
|
| Applikationen: |
libvirt |
|
| Update von: |
Fehlerhafte Zugriffsrechte in libvirt-bin |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2650-2 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 17, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libvirt
Vulnerability : files and device nodes ownership change to kvm group
Problem type : local
Debian-specific: yes
CVE ID : CVE-2013-1766
Debian Bug : 701649
The recent security update for libvirt was found to cause a regression.
The kvm/qemu processes weren't run as the `kvm` user anymore in order to
fix the file/device ownership changes, but the processes where not
correctly configured to use the `kvm` group either. When the user would
try to run a virtual machine, the process was denied access to the
/dev/kvm device node, preventing the virtual machine to run.
For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze5.
We recommend that you upgrade your libvirt packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAEBCgAGBQJRRj1OAAoJEG3bU/KmdcCltXgH/15HV8NfOc8zjnHfbmGoG0ZV
ihcLP6zdBOlrdnfl54sGyGXWh2Gw95O8anrYuIUPSlduhHh5XxNXq2nl/+qYORo5
ltpFp82dQuUz0B93QuQ8bYyg6BfM7pXE8G7FkWYbPvd6LzAOp8F1ldTjLwLjWDLP
tFQ+YoNK+IW8ZxB7cXxO/szgdblby4ZwHS2tUfNB4+J1/+pwdxKcEoHf43ap528q
brEbFq5EcFqPAxnY7f127J5zyFjX6BM/+NmEgNb4NiVW4JqeBguHOed0XmTAIFwt
RIzt/kipO/GVGbtk2faMyrTZOvxchq1Kq2wnCgFGJTkP9rS0g44JlnIdIkqqVck=
=+lg6
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Archive: http://lists.debian.org/20130317220154.GA25535@scapa.corsac.net
|
|
|
|
