USN-694-1: libvirt vulnerability
Posted on: 12/18/2008 01:30 AM

A new libvirt vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-694-1 December 18, 2008
libvirt vulnerability
CVE-2008-5086
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
libvirt0 0.3.0-0ubuntu2.1

Ubuntu 8.04 LTS:
libvirt0 0.4.0-2ubuntu8.1

Ubuntu 8.10:
libvirt0 0.4.4-3ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that libvirt did not mark certain operations as read-only. A
local attacker may be able to perform privileged actions such as migrating
virtual machines, adjusting autostart flags, or accessing privileged data in
the virtual machine memory and disks.


Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.3.0-0ubuntu2.1.diff.gz
Size/MD5: 3544 e3f113d1e263a8a5b2b831de6d242d1b
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.3.0-0ubuntu2.1.dsc
Size/MD5: 808 df2b4d52fcdba599d46d3316b13458ff
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.3.0.orig.tar.gz
Size/MD5: 2265548 e6a85e2ef99f985a298376e01fcc7a3c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_amd64.deb
Size/MD5: 230520 783cfc179c03e40500fc1a1a3354dac4
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_amd64.deb
Size/MD5: 186806 4d7e7f531ad07b08264856bf9762dc20
http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_amd64.deb
Size/MD5: 136992 27a0e129f38e57faae36b0adf6e1b000
http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_amd64.deb
Size/MD5: 86872 1da16e06104d27759886b575d2b73f8f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_i386.deb
Size/MD5: 217692 56dd66f156bee8b01f4b68e23e2811d3
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_i386.deb
Size/MD5: 186672 3a708d77e58e68b4009937ae9500f8e6
http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_i386.deb
Size/MD5: 135332 69ba54123bc7cb52eebac54313ff6001
http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_i386.deb
Size/MD5: 85340 c67f3ea7487e838af3ee7a0a21be4241

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_lpia.deb
Size/MD5: 232922 d16c1c0f50b965c2f8a0663995764b5f
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_lpia.deb
Size/MD5: 198292 ff4ab36c840d51a92bc76d18aedba3c4
http://ports.ubuntu.com/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_lpia.deb
Size/MD5: 142812 51aec3c2358e54a10783d6c14dcbfab1
http://ports.ubuntu.com/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_lpia.deb
Size/MD5: 87042 80be0e16045d055f1afa897091a446bc

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0-2ubuntu8.1.diff.gz
Size/MD5: 18325 d9c67215893dd4041c4a114d7b8feddf
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0-2ubuntu8.1.dsc
Size/MD5: 1080 360545d20502031bab8c298c71707346
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0.orig.tar.gz
Size/MD5: 2968326 2f6c6adb62145988f0e5021e5cbd71d3

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.0-2ubuntu8.1_all.deb
Size/MD5: 303538 bbc86d969cd89c814fbd2dcaed27d3c0

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.0-2ubuntu8.1_amd64.deb
Size/MD5: 89346 7e272e9e45d8d76bfd7ffcf48fc6ec0f
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.0-2ubuntu8.1_amd64.deb
Size/MD5: 225052 3188ff93f87ddcc2a448db87c1d94272
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.0-2ubuntu8.1_amd64.deb
Size/MD5: 550738 b9ab13df10f0ab9d50e0311a8e99636c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.0-2ubuntu8.1_amd64.deb
Size/MD5: 181422 4fdc4326e58624f344e5abf0c893b4c2
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.0-2ubuntu8.1_amd64.deb
Size/MD5: 26482 8f0ded14f5b5a572de118fe7632ba903

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.0-2ubuntu8.1_i386.deb
Size/MD5: 87386 bed95289533ed96b9518e5b6d52d8bea
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.0-2ubuntu8.1_i386.deb
Size/MD5: 210544 e43f0446b54551f671c31e893d245e09
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.0-2ubuntu8.1_i386.deb
Size/MD5: 534654 e2fb5196f66c389ff69fcf7262216bcf
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.0-2ubuntu8.1_i386.deb
Size/MD5: 183312 762d3786d854f593c9735642ff0bbe24
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.0-2ubuntu8.1_i386.deb
Size/MD5: 25846 5f1bb3a6bc65ae5bca7cb76dcadb3e02

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.4-3ubuntu3.1.diff.gz
Size/MD5: 14706 60aca6eb756f2b5ef1914b9c5e641eab
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.4-3ubuntu3.1.dsc
Size/MD5: 1690 7a27ebcbcc5c4aa7536443275a88a93a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.4.orig.tar.gz
Size/MD5: 4944817 9407900dc16e0ba9ea3eec3cf0a56674

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.4-3ubuntu3.1_all.deb
Size/MD5: 529994 c4da663af5f51d19b1976de2e1e501cb

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_amd64.deb
Size/MD5: 108322 3f5e5e01a17839d7a909c768b25946c6
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_amd64.deb
Size/MD5: 323936 2aaa8cd46a2c9a6a6befad16a39c4751
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_amd64.deb
Size/MD5: 543058 59721bbd35efdaf14181f7558fe5f02c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_amd64.deb
Size/MD5: 262618 41666638ec2bf777abe8c13cae232fe5
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_amd64.deb
Size/MD5: 35546 b2fac337b7fa6c79fa4f51b851928ec8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_i386.deb
Size/MD5: 106248 9feae832c4c0a9de5b5668ac52f36b0d
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_i386.deb
Size/MD5: 299792 b6bb985c828468c1d3ab9aec6c0957a4
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_i386.deb
Size/MD5: 513800 4bcaaaeda8289387dc85b2aec8e18c47
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_i386.deb
Size/MD5: 260392 ab932146ef2f1bf627667bfaa84ff9b1
http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_i386.deb
Size/MD5: 34736 56936e79012aa78f18113fc054449a89

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_lpia.deb
Size/MD5: 113140 cb82af80e45804e03076e87002673ae6
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_lpia.deb
Size/MD5: 231974 8f6cf8b3e653c771a280dcf4fff76981
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_lpia.deb
Size/MD5: 397586 0dfb5e4ba19ee7177473d7ccd853ecc7
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_lpia.deb
Size/MD5: 204848 0bd86d778d0761790b8edb193ad4097c
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_lpia.deb
Size/MD5: 35568 99c4d427be71096e305117720c7d2bb7

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_powerpc.deb
Size/MD5: 116998 85c73a341c3e878469688d5a9a4d2192
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_powerpc.deb
Size/MD5: 264734 812e787c2297e53d1d306f0efaef6a67
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_powerpc.deb
Size/MD5: 396052 42ecd75ca1b7fc715cc47341e7b0136f
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_powerpc.deb
Size/MD5: 209038 33e24711251d3fb3ec22e896e217e652
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_powerpc.deb
Size/MD5: 38886 2445e68554032edddff09eea87876e23

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_sparc.deb
Size/MD5: 105234 28c98c3deb0bc9fda4995a9122249cb3
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_sparc.deb
Size/MD5: 234124 11dabeeb53160aba5f8d9810be054a9e
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_sparc.deb
Size/MD5: 360166 0d060a3f9a44876960e27135e0adf947
http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_sparc.deb
Size/MD5: 190442 0edb2323b583de2e3e47622155cd3cf9
http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_sparc.deb
Size/MD5: 34592 9120adbaac3f7ae105863005c893be07



--9l24NVCWtSuIVIod
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklJmJ0ACgkQW0JvuRdL8BqOpgCeN4YHX+NhjPaO3hDfGwbvJ6L5
3jIAniXhy/tGsoQEQ7GUF1hzR+DXtgiD
=opyE
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_694_1_libvirt_vulnerability.html)