[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1301417096.31707.23.camel@localhost>
Date: Tue, 29 Mar 2011 11:44:56 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1094-1] Libvirt vulnerability
===========================================================
Ubuntu Security Notice USN-1094-1 March 29, 2011
libvirt vulnerability
CVE-2011-1146
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
libvirt0 0.7.0-1ubuntu13.3
Ubuntu 10.04 LTS:
libvirt0 0.7.5-5ubuntu27.9
Ubuntu 10.10:
libvirt0 0.8.3-1ubuntu14.1
In general, a standard system update will make all the necessary changes.
Details follow:
Petr Matousek discovered that libvirt did not always honor read-only
connections. An attacker who is authorized to connect to the libvirt daemon
could exploit this to cause a denial of service via application crash.
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0-1ubuntu13.3.diff.gz
Size/MD5: 745434 18fdae17991560abb61812be87dc69ee
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0-1ubuntu13.3.dsc
Size/MD5: 2484 81391a8821631250e9ab258d89267770
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0.orig.tar.gz
Size/MD5: 7914077 8c2c14a7695c9c661004bcfc6468d62d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.0-1ubuntu13.3_all.deb
Size/MD5: 594392 9590252ba33110c2017aab77a2d21054
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_amd64.deb
Size/MD5: 403860 d7ca31d566995dad3a7e2d0db0a69bdd
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_amd64.deb
Size/MD5: 510860 8b17b036119238eb6fa40ae6d082a9cc
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_amd64.deb
Size/MD5: 823326 472e1e8ce68abc505bea16037ae560d3
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_amd64.deb
Size/MD5: 412862 0999d15cd3b1f66cf8310089c8af232d
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_amd64.deb
Size/MD5: 50210 cccd9d1b1fc5d4ba25a1c2016bd615d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_i386.deb
Size/MD5: 394958 998a2e6038371ded95448c411c637be9
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_i386.deb
Size/MD5: 500958 c3de8c97b07b0ca2232ab0e2e5acb386
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_i386.deb
Size/MD5: 791276 9266cdd6c42b8c662968cf2bd8d251aa
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_i386.deb
Size/MD5: 405862 e8c137d02d71ad5cd09c75cda439a5af
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_i386.deb
Size/MD5: 48704 a70fcdac6855f962114910306c74a780
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_armel.deb
Size/MD5: 396230 01f514fcfd559fdd0daa4a903f3b0d0b
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_armel.deb
Size/MD5: 328774 477f9ad9224eb90975280463dbc2f114
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_armel.deb
Size/MD5: 495448 726f94fc230f6e806df88118b07c27fe
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_armel.deb
Size/MD5: 272502 d60fff17077eb17e575c79b61ab98737
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_armel.deb
Size/MD5: 44072 5d467c3a8078263c844d523b3c855e0d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_lpia.deb
Size/MD5: 429326 afe8c7ae1e27c1aa53da7a174c3872cc
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_lpia.deb
Size/MD5: 344042 8a74f7e16fb3e128d296cc1587b92aaf
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_lpia.deb
Size/MD5: 492764 160dec1145dcac9c6674795aef001557
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_lpia.deb
Size/MD5: 295892 6cf27b30911c8f9426d748524ec53ee0
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_lpia.deb
Size/MD5: 50034 62da87372823c7f25fd3dc66314b5ffc
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_powerpc.deb
Size/MD5: 419834 6d3584a3085c31cdb448c5e92b87231f
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_powerpc.deb
Size/MD5: 328144 952793d72edc25475de7d7fcb33c1cd7
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_powerpc.deb
Size/MD5: 511278 d2da73d62b01f792e60eeb3ad261732d
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_powerpc.deb
Size/MD5: 300540 2952822416edd6d4a1a19a825c78616c
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_powerpc.deb
Size/MD5: 51412 0ce914f58ca2700fb52f96b1bf6acc6a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.3_sparc.deb
Size/MD5: 392312 0e1c821654bed3547755978ed60a98a1
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.3_sparc.deb
Size/MD5: 341680 2fe7577c272a6c983172752f9cb40692
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.3_sparc.deb
Size/MD5: 461314 be7912ac9a8a81a01fcf79c1ec8360b4
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.3_sparc.deb
Size/MD5: 275128 96d18edf5ef6c5f4acc8592ffe70a201
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.3_sparc.deb
Size/MD5: 49902 bcb94656f352abc825758ff351580c82
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.9.diff.gz
Size/MD5: 79590 dbfee62055eef69166bcbae32943868a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.9.dsc
Size/MD5: 2636 a43760f77881a106dc6512c6ffcbbf39
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5.orig.tar.gz
Size/MD5: 9343666 06eedba78d4848cede7ab1a6e48f6df9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.5-5ubuntu27.9_all.deb
Size/MD5: 756396 e3a63e1d68ea6152d6f9674c38d91046
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_amd64.deb
Size/MD5: 597418 e66962022a4c5a62ddbc3a7f449181c8
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_amd64.deb
Size/MD5: 647348 9744b61b0630fd0f2b543b8f61a4a240
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_amd64.deb
Size/MD5: 2326460 b227c9a4349297d40e8514310b7daf54
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_amd64.deb
Size/MD5: 646904 f68fdcbb53151a9c01f34af092fceb6c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_amd64.deb
Size/MD5: 57354 6d1814dab3b0c92b86208bb1241cd137
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_i386.deb
Size/MD5: 580212 b531620d02863818615b319a65fcd792
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_i386.deb
Size/MD5: 637800 3f73a629abf7a7c36821f87e404da6e9
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_i386.deb
Size/MD5: 2234636 b9eb02b5e647a8c628a7cb11a5ea5d89
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_i386.deb
Size/MD5: 639180 52a4b631e3b684a384090f7bbfaaaa5d
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_i386.deb
Size/MD5: 55768 b160fba16e0a38cc8ff2809402dc3d1e
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_armel.deb
Size/MD5: 570462 b9d67701834c45d76704aeb447601ce3
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_armel.deb
Size/MD5: 393384 a7df540122da4e21831e7e935c11043d
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_armel.deb
Size/MD5: 1890446 61d7ed2ebbddea110bd11cb33f2727e3
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_armel.deb
Size/MD5: 454310 ba2296a552e2ddd9a4b347e051dc5daf
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_armel.deb
Size/MD5: 51172 e3aab2e92a1cbc7ae3739b7497746fba
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.9_powerpc.deb
Size/MD5: 620986 8df2d72a6b7cb4509cc38d0e5739b946
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.9_powerpc.deb
Size/MD5: 408434 cc1b99b08caae417b7a4d2a95bc22adf
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.9_powerpc.deb
Size/MD5: 1887760 7262ac20d1d866b49c8227b5d049cec8
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.9_powerpc.deb
Size/MD5: 496356 3cbb12e3ca51fff4f23464ca3cdecd65
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.9_powerpc.deb
Size/MD5: 59374 af02c87121e54bc82441c711af4e2770
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.8.3-1ubuntu14.1.debian.tar.gz
Size/MD5: 65778 7322646038b35bc5597d9d16b508f127
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.8.3-1ubuntu14.1.dsc
Size/MD5: 2669 5da1871457fdee4f8dab0b53132c1669
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.8.3.orig.tar.gz
Size/MD5: 12430752 ae8535ce119d32a2e9fb1f46e2c8f325
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.8.3-1ubuntu14.1_all.deb
Size/MD5: 820732 eb9c4c132cc5cbc932a38c1be03f86c9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_amd64.deb
Size/MD5: 789948 ed41d2c9836d6d30d20c86792123cc93
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_amd64.deb
Size/MD5: 655932 71c9e1a640228d0e870ae356b1efcd3c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_amd64.deb
Size/MD5: 2685230 e0c3aa32688fca82fb46dc1baadd2d0b
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_amd64.deb
Size/MD5: 566848 bdb51851686e7ebdbe9a5630f4317f2c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_amd64.deb
Size/MD5: 66424 fe7739310007e1c42b38398457668e43
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_i386.deb
Size/MD5: 766740 a6f8646f5e9d7e6846dc70cb6f64b152
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_i386.deb
Size/MD5: 641296 dc4b5fe33ee7c85401b1fbdd63574544
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_i386.deb
Size/MD5: 2585322 bfeae234d8a63d64be212901c1fe1e7a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_i386.deb
Size/MD5: 553126 bf2eb0e856fdc51e763eb79564f230fb
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_i386.deb
Size/MD5: 64432 3f1ff9b1134b3cae3e7d863873944253
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_armel.deb
Size/MD5: 787038 7fa41ca5f9abbc0bbed5943717b0f301
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_armel.deb
Size/MD5: 537538 b6b01d3f968df770813f7d7fdea3965b
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_armel.deb
Size/MD5: 2478628 7a7bc6750228de570d6d003fffb5b5a7
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_armel.deb
Size/MD5: 476782 e37ff729fe77d8eeca63022c9219d773
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_armel.deb
Size/MD5: 60568 8524aac0e2c5ce018353ccf25eeb4938
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.8.3-1ubuntu14.1_powerpc.deb
Size/MD5: 820744 5047a6be2da3646d66aec9041a98e80e
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.8.3-1ubuntu14.1_powerpc.deb
Size/MD5: 533026 05b9b6ea37df2b35d14a6015d2a14490
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.8.3-1ubuntu14.1_powerpc.deb
Size/MD5: 2474132 0282707b7d664a175be082634eea7bb6
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.8.3-1ubuntu14.1_powerpc.deb
Size/MD5: 508594 bb6f546eaa705a7fe6071fa5689b32c5
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.8.3-1ubuntu14.1_powerpc.deb
Size/MD5: 68872 fdfbe3eeb22f86730a0ee15f6aaf0c2f
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists