Message-ID: <1287844760.19118.61.camel@luna>
Date: Sat, 23 Oct 2010 09:39:20 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: [USN-1008-3] libvirt update

===========================================================
Ubuntu Security Notice USN-1008-3           October 23, 2010
libvirt update
https://launchpad.net/bugs/665182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libvirt-bin                     0.7.5-5ubuntu27.6
  libvirt0                        0.7.5-5ubuntu27.6

In general, a standard system update will make all the necessary changes.

Details follow:

USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04
LTS reverted a recent bug fix update. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that libvirt would probe disk backing stores without
 consulting the defined format for the disk. A privileged attacker in the
 guest could exploit this to read arbitrary files on the host. This issue
 only affected Ubuntu 10.04 LTS. By default, guests are confined by an
 AppArmor profile which provided partial protection against this flaw.
 (CVE-2010-2237, CVE-2010-2238)
 
 It was discovered that libvirt would create new VMs without setting a
 backing store format. A privileged attacker in the guest could exploit this
 to read arbitrary files on the host. This issue did not affect Ubuntu 8.04
 LTS. In Ubuntu 9.10 and later, guests are confined by an AppArmor profile
 which provided partial protection against this flaw. (CVE-2010-2239)
 
 Jeremy Nickurak discovered that libvirt created iptables rules with too
 lenient mappings of source ports. A privileged attacker in the guest could
 bypass intended restrictions to access privileged resources on the host.
 (CVE-2010-2242)
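The first two issues above arise when libvirt has no declared format for a disk and falls back to probing the image header. As an added example that is not part of the advisory, this Python helper audits a libvirt domain XML definition and flags file-backed disks whose `<driver>` element has no explicit `type`, so the format is pinned rather than probed; the domain XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML: the first disk pins its format, the other
# two leave it unset, so libvirt would probe the image header to decide.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/guest1.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu'/>
      <source file='/var/lib/libvirt/images/data.img'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/var/lib/libvirt/images/install.iso'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
  </devices>
</domain>"""


def find_unpinned_disks(domain_xml):
    """Return (target dev, source path) for every file-backed disk whose
    <driver> element is missing or carries no explicit type attribute."""
    root = ET.fromstring(domain_xml)
    findings = []
    for disk in root.iterfind("./devices/disk"):
        if disk.get("type") != "file":
            continue
        driver = disk.find("driver")
        fmt = driver.get("type") if driver is not None else None
        if not fmt:
            target = disk.find("target")
            source = disk.find("source")
            dev = target.get("dev") if target is not None else "?"
            path = source.get("file") if source is not None else "?"
            findings.append((dev, path))
    return findings


if __name__ == "__main__":
    for dev, path in find_unpinned_disks(SAMPLE_DOMAIN_XML):
        print(f"disk {dev} ({path}): no explicit driver type, format will be probed")
```

Run it against the output of `virsh dumpxml <domain>` to list disks that still rely on probing; a raw image with no declared format is the case the advisory describes.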


Updated packages for Ubuntu 10.04 LTS:
