lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1289252423.13556.28.camel@luna>
Date: Mon, 08 Nov 2010 15:40:23 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: [USN-1008-4] libvirt regression

===========================================================
Ubuntu Security Notice USN-1008-4          November 08, 2010
libvirt regression
https://launchpad.net/bugs/665531
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libvirt0                        0.7.5-5ubuntu27.7

In general, a standard system update will make all the necessary changes.

Details follow:

USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for
CVE-2010-2238 changed the behavior of libvirt such that the domain
XML could not specify 'host_device' as the qemu sub-type. While libvirt
0.8.3 and later will longer support specifying this sub-type, this
update restores the old behavior on Ubuntu 10.04 LTS.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that libvirt would probe disk backing stores without
 consulting the defined format for the disk. A privileged attacker in the
 guest could exploit this to read arbitrary files on the host. This issue
 only affected Ubuntu 10.04 LTS. By default, guests are confined by an
 AppArmor profile which provided partial protection against this flaw.
 (CVE-2010-2237, CVE-2010-2238)
 
 It was discovered that libvirt would create new VMs without setting a
 backing store format. A privileged attacker in the guest could exploit this
 to read arbitrary files on the host. This issue did not affect Ubuntu 8.04
 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile
 which provided partial protection against this flaw. (CVE-2010-2239)
 
 Jeremy Nickurak discovered that libvirt created iptables rules with too
 lenient mappings of source ports. A privileged attacker in the guest could
 bypass intended restrictions to access privileged resources on the host.
 (CVE-2010-2242)


Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.7.diff.gz
      Size/MD5:    78619 c40cfa7402e055dc29c636d39d769c0c
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.7.dsc
      Size/MD5:     2636 c9a0aa950d0558059983f647e0586140
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5.orig.tar.gz
      Size/MD5:  9343666 06eedba78d4848cede7ab1a6e48f6df9

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.5-5ubuntu27.7_all.deb
      Size/MD5:   782588 4aa4addd12a75a809e47588abe81a4af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.7_amd64.deb
      Size/MD5:   596060 e7522e31ad8af0afdfbed228aa78fb73
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.7_amd64.deb
      Size/MD5:   646474 15c626965561420a4c41846574a9e8ed
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.7_amd64.deb
      Size/MD5:  2324350 b47d9d868e1f44d6b10c355f107df746
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.7_amd64.deb
      Size/MD5:   646176 70882d795bb3b22b3014b7b5814ea6fc
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.7_amd64.deb
      Size/MD5:    57370 9467fc50dbf3641a5945ad27d50ac9f4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.7_i386.deb
      Size/MD5:   581398 4e9c273e6bbb4d31b7b57df1af0d4665
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.7_i386.deb
      Size/MD5:   637856 ec3a21f94e4dadbf04c515d1dedaa94f
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.7_i386.deb
      Size/MD5:  2234028 fc68a55b631981df8138c4d555373ad1
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.7_i386.deb
      Size/MD5:   639006 42571ec0f3cc52a662d0e7dd4343ab4c
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.7_i386.deb
      Size/MD5:    55802 a26741e8018ed2be2be786b55da521be

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.7_armel.deb
      Size/MD5:   568130 031cddc8434fe318a326aaa86f8b6fd3
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.7_armel.deb
      Size/MD5:   395242 b60b6811957debaa44ebd584e4b23c1f
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.7_armel.deb
      Size/MD5:  1889660 9f31e8b99a018232a3004f5c1543e163
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.7_armel.deb
      Size/MD5:   452942 f0b648284720d361a6180e8deef5dcbf
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.7_armel.deb
      Size/MD5:    51232 ac25c57df58aedbab64c5fe4768366c7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.7_powerpc.deb
      Size/MD5:   620896 b312196aac572e8731f9420a79ee7178
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.7_powerpc.deb
      Size/MD5:   408348 03901e5bc3a22c1d7de456330e832d75
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.7_powerpc.deb
      Size/MD5:  1887740 b50d03bce6db0737a67c30f87534b3a3
    http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.7_powerpc.deb
      Size/MD5:   496156 c4f3f6640aaf982bdf544ac9eb19e7b9
    http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.7_powerpc.deb
      Size/MD5:    59368 8ed8d8a66c21a1a4efab52757c05d60b




Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ