[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1287844760.19118.61.camel@luna>
Date: Sat, 23 Oct 2010 09:39:20 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Subject: [USN-1008-3] libvirt update
===========================================================
Ubuntu Security Notice USN-1008-3 October 23, 2010
libvirt update
https://launchpad.net/bugs/665182
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
libvirt-bin 0.7.5-5ubuntu27.6
libvirt0 0.7.5-5ubuntu27.6
In general, a standard system update will make all the necessary changes.
Details follow:
USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04
LTS reverted a recent bug fix update. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that libvirt would probe disk backing stores without
consulting the defined format for the disk. A privileged attacker in the
guest could exploit this to read arbitrary files on the host. This issue
only affected Ubuntu 10.04 LTS. By default, guests are confined by an
AppArmor profile which provided partial protection against this flaw.
(CVE-2010-2237, CVE-2010-2238)
It was discovered that libvirt would create new VMs without setting a
backing store format. A privileged attacker in the guest could exploit this
to read arbitrary files on the host. This issue did not affect Ubuntu 8.04
LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile
which provided partial protection against this flaw. (CVE-2010-2239)
Jeremy Nickurak discovered that libvirt created iptables rules with too
lenient mappings of source ports. A privileged attacker in the guest could
bypass intended restrictions to access privileged resources on the host.
(CVE-2010-2242)
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.6.diff.gz
Size/MD5: 78215 71ee1ea151a32295ec633a7f968f699c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.6.dsc
Size/MD5: 2636 bd3f86b8a8ecc30aed7ffec0ef5b4cc0
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5.orig.tar.gz
Size/MD5: 9343666 06eedba78d4848cede7ab1a6e48f6df9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.5-5ubuntu27.6_all.deb
Size/MD5: 756238 359eb3b1dfebf7ae8f2e34aa97550c28
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.6_amd64.deb
Size/MD5: 595986 7d54c7a6bfa9e7bb529b8a8858f522f9
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.6_amd64.deb
Size/MD5: 646450 97d149404f93bc87631ab46651a0e1a3
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.6_amd64.deb
Size/MD5: 2324248 6a12631e174ce5be0348dbc9e1a1b646
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.6_amd64.deb
Size/MD5: 645976 9e359722abdff97a48c3bb5839722efd
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.6_amd64.deb
Size/MD5: 57362 45a947194bf7c281fb780672f67f3596
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.6_i386.deb
Size/MD5: 580124 e93a706831f50c5861a13f2a87843e81
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.6_i386.deb
Size/MD5: 637668 afbe799b18412fd7368805edd20b9637
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.6_i386.deb
Size/MD5: 2234436 243ef0bb32b3f2ccb1281b856661dcbd
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.6_i386.deb
Size/MD5: 638638 7af0b516d514dd96f9b9aaf5edfe7d5d
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.6_i386.deb
Size/MD5: 55770 0dab08df63c45482a5a6c40320ccbdc3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.6_powerpc.deb
Size/MD5: 620808 c9fb13e5a70c3f8a882d4c16e5015a03
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.6_powerpc.deb
Size/MD5: 408264 ad027f50a091e87ae90d0107108fe3c9
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.6_powerpc.deb
Size/MD5: 1887452 cd1794391845d2c73069f2ccc9cd06b9
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.6_powerpc.deb
Size/MD5: 496036 fafb36561433e84ae0f20b2b71105491
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.6_powerpc.deb
Size/MD5: 59372 9f5b65e61d17a0b68a50a8484b1fb48f
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists