Sicherheit: Zwei Probleme in libvirt

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8384768087571480728==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="XNX6UR1MoT4u2o9ffQ84IANJah54IEEWK"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--XNX6UR1MoT4u2o9ffQ84IANJah54IEEWK
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2404-1
November 11, 2014

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
(CVE-2014-3657)

Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libvirt-bin 1.2.8-0ubuntu11.1
libvirt0 1.2.8-0ubuntu11.1

Ubuntu 14.04 LTS:
libvirt-bin 1.2.2-0ubuntu13.1.7
libvirt0 1.2.2-0ubuntu13.1.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2404-1
CVE-2014-3657, CVE-2014-7823

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/1.2.8-0ubuntu11.1
https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.7

--XNX6UR1MoT4u2o9ffQ84IANJah54IEEWK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUYj9tAAoJEGVp2FWnRL6T96wP/A7CiaKYTklNqpEd6pOJpjf1
BTUMZ6cVITNzbvFSb/MbBdVEe4Dzp3mPmrlEBQVUDQtinFqjx9+6Ji1oBPhYimkf
Fi5Q7DtuDpf0eFe+rropJLdth4DbM5Y5YaY6Znsn/oA/3O418ox+wHM8XRaE6uKr
2FGNiAMvO88gXaaDSkSM4MGr/crYLUfclOLKdow+Sz923woCfWJ0Bh+LvpEOaoXD
vBQFntwJCw19ssyHkWEOzykvDmur7SJWwH3tne8x0i+Z7fB5p2zHPQU9BXKZqvW4
lsTVPJgqwN7yYEFyOr3WoTHD56nlE+M7FS0FjqJJuGiMacuKniyBG79rF7ZABwSZ
92RL2+AfuohV54697BwkBD84l80UU5rm8CDpwZah2MHkWgpjYrb5Vn18ChJPTLTY
sM+M+MkmfCRjmF8ttA8+QbJ2Gt3uFp6lHF4m5AmCVBJ25UGm2dUly8v52o5DoJf8
D5f0JPCay7CqVm1mCa5YCuriS8kN8Xn8w6JADC+Tjt/EZf8fZfesqY1u6n1aOXrU
bHfWRLWZjhB289N2LzGSHBwidbhpIIUwhCQ+WPBBzsgG+f6c/vQgz3ydZgsEmU5Y
XO9hS/VjyzzVMdaT5ZDeeEwVEtccrB64LhwH21odjYY9kD0b+wDe5UMFYMBfjWdb
tcmXYZOyFQRiN2XxVba/
=lK4C
-----END PGP SIGNATURE-----

--XNX6UR1MoT4u2o9ffQ84IANJah54IEEWK--

--===============8384768087571480728==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8384768087571480728==--