Message-ID: <20081218002605.GF16973@severus.strandboge.com>
Date: Wed, 17 Dec 2008 18:26:05 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-694-1] libvirt vulnerability

===========================================================
Ubuntu Security Notice USN-694-1          December 18, 2008
libvirt vulnerability
CVE-2008-5086
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libvirt0                        0.3.0-0ubuntu2.1

Ubuntu 8.04 LTS:
  libvirt0                        0.4.0-2ubuntu8.1

Ubuntu 8.10:
  libvirt0                        0.4.4-3ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that libvirt did not mark certain operations as read-only. A
local attacker may be able to perform privileged actions such as migrating
virtual machines, adjusting autostart flags, or accessing privileged data in
the virtual machine memory and disks.

