Home / mailings [USN-2209-1] libvirt vulnerabilities
Posted on 07 May 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2209-1
May 07, 2014
libvirt vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
Summary:
Several security issues were fixed in libvirt.
Software Description:
- libvirt: Libvirt virtualization toolkit
Details:
It was discovered that libvirt incorrectly handled symlinks when using th=
e
LXC driver. An attacker could possibly use this issue to delete host
devices, create arbitrary nodes, and shutdown or power off the host.
(CVE-2013-6456)
Marian Krcmarik discovered that libvirt incorrectly handled seamless SPIC=
E
migrations. An attacker could possibly use this issue to cause a denial o=
f
service. (CVE-2013-7336)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libvirt-bin 1.1.1-0ubuntu8.11
libvirt0 1.1.1-0ubuntu8.11
After a standard system update you need to reboot your computer to make a=
ll
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2209-1
CVE-2013-6456, CVE-2013-7336
Package Information:
https://launchpad.net/ubuntu/+source/libvirt/1.1.1-0ubuntu8.11
