BugTraq
[USN-1008-3] libvirt update Oct 23 2010 02:39PM
Jamie Strandboge (jamie canonical com)
===========================================================
Ubuntu Security Notice USN-1008-3 October 23, 2010
libvirt update
https://launchpad.net/bugs/665182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
libvirt-bin 0.7.5-5ubuntu27.6
libvirt0 0.7.5-5ubuntu27.6

In general, a standard system update will make all the necessary changes.

Details follow:

USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04
LTS reverted a recent bug fix update. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that libvirt would probe disk backing stores without
consulting the defined format for the disk. A privileged attacker in the
guest could exploit this to read arbitrary files on the host. This issue
only affected Ubuntu 10.04 LTS. By default, guests are confined by an
AppArmor profile which provided partial protection against this flaw.
(CVE-2010-2237, CVE-2010-2238)

It was discovered that libvirt would create new VMs without setting a
backing store format. A privileged attacker in the guest could exploit this
to read arbitrary files on the host. This issue did not affect Ubuntu 8.04
LTS. In Ubuntu 9.10 and later, guests are confined by an AppArmor profile
which provided partial protection against this flaw. (CVE-2010-2239)

Jeremy Nickurak discovered that libvirt created iptables rules with too
lenient mappings of source ports. A privileged attacker in the guest could
bypass intended restrictions to access privileged resources on the host.
(CVE-2010-2242)

Updated packages for Ubuntu 10.04 LTS:

