Pardus: 2011-102: libvirt: Multiple Vulnerabilities

Posted by Benjamin D. Thomas
Multiple vulnerabilities have been fixed in libvirt.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-102           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-04
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in libvirt.


Description
==========
CVE-2011-1486:

When several libvirtd threads are reporting errors at the same time, the
errors can get mixed or corrupted, potentially leading  to  a  libvirtd
crash (DoS).



CVE-2011-1146:

It has been found that several libvirt API calls (virNodeDeviceDettach,
virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete)
did notm honour read-only connection. Remote attacker  could  use  this
flaw to crash the

host server (DoS)


Affected packages:

  Pardus 2009:
    libvirt, all before 0.8.7-14-8


Resolution
=========
There are update(s) for libvirt. You can update them via Package Manager
or with a single command from console:

    pisi up libvirt

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id670
  * http://bugs.pardus.org.tr/show_bug.cgi?id336

------------------------------------------------------------------------