LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1008-3: libvirt update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04LTS reverted a recent bug fix update. This update fixes the problem. [More...]
===========================================================
Ubuntu Security Notice USN-1008-3           October 23, 2010
libvirt update
https://launchpad.net/bugs/665182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libvirt-bin                     0.7.5-5ubuntu27.6
  libvirt0                        0.7.5-5ubuntu27.6

In general, a standard system update will make all the necessary changes.

Details follow:

USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04
LTS reverted a recent bug fix update. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that libvirt would probe disk backing stores without
 consulting the defined format for the disk. A privileged attacker in the
 guest could exploit this to read arbitrary files on the host. This issue
 only affected Ubuntu 10.04 LTS. By default, guests are confined by an
 AppArmor profile which provided partial protection against this flaw.
 (CVE-2010-2237, CVE-2010-2238)
 
 It was discovered that libvirt would create new VMs without setting a
 backing store format. A privileged attacker in the guest could exploit this
 to read arbitrary files on the host. This issue did not affect Ubuntu 8.04
 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile
 which provided partial protection against this flaw. (CVE-2010-2239)
 
 Jeremy Nickurak discovered that libvirt created iptables rules with too
 lenient mappings of source ports. A privileged attacker in the guest could
 bypass intended restrictions to access privileged resources on the host.
 (CVE-2010-2242)


Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.6.diff.gz
      Size/MD5:    78215 71ee1ea151a32295ec633a7f968f699c
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.6.dsc
      Size/MD5:     2636 bd3f86b8a8ecc30aed7ffec0ef5b4cc0
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5.orig.tar.gz
      Size/MD5:  9343666 06eedba78d4848cede7ab1a6e48f6df9

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.5-5ubuntu27.6_all.deb
      Size/MD5:   756238 359eb3b1dfebf7ae8f2e34aa97550c28

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.6_amd64.deb
      Size/MD5:   595986 7d54c7a6bfa9e7bb529b8a8858f522f9
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.6_amd64.deb
      Size/MD5:   646450 97d149404f93bc87631ab46651a0e1a3
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.6_amd64.deb
      Size/MD5:  2324248 6a12631e174ce5be0348dbc9e1a1b646
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.6_amd64.deb
      Size/MD5:   645976 9e359722abdff97a48c3bb5839722efd
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.6_amd64.deb
      Size/MD5:    57362 45a947194bf7c281fb780672f67f3596

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.6_i386.deb
      Size/MD5:   580124 e93a706831f50c5861a13f2a87843e81
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.6_i386.deb
      Size/MD5:   637668 afbe799b18412fd7368805edd20b9637
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.6_i386.deb
      Size/MD5:  2234436 243ef0bb32b3f2ccb1281b856661dcbd
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.6_i386.deb
      Size/MD5:   638638 7af0b516d514dd96f9b9aaf5edfe7d5d
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.6_i386.deb
      Size/MD5:    55770 0dab08df63c45482a5a6c40320ccbdc3

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.6_powerpc.deb
      Size/MD5:   620808 c9fb13e5a70c3f8a882d4c16e5015a03
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.6_powerpc.deb
      Size/MD5:   408264 ad027f50a091e87ae90d0107108fe3c9
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.6_powerpc.deb
      Size/MD5:  1887452 cd1794391845d2c73069f2ccc9cd06b9
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.6_powerpc.deb
      Size/MD5:   496036 fafb36561433e84ae0f20b2b71105491
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.6_powerpc.deb
      Size/MD5:    59372 9f5b65e61d17a0b68a50a8484b1fb48f




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.