A security flaw has been identified in the libvirt software package that can be exploited to add iptables rules. This version also enables automatic conversion of the deprecated "fedora-13" machine types to "pc-0.14".
Package:
libvirt 0.x
Operating systems:
Fedora 16
Severity:
2.3
Problem:
flaw in a software component
Exploitation:
remote
Impact:
data modification
Solution:
vendor patch
CVE:
CVE-2011-4600
Original advisory ID:
FEDORA-2011-17267
Source:
Fedora
Problem:
The flaw occurs after the libvirtd daemon is restarted.
Impact:
The flaw can be exploited to modify iptables rules.
Solution:
All users are advised to apply the update that removes the identified flaw.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-17267
2011-12-22 21:43:19
--------------------------------------------------------------------------------
Name : libvirt
Product : Fedora 16
Version : 0.9.6
Release : 4.fc16
URL : http://libvirt.org/
Summary : Library providing a simple virtualization API
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.
--------------------------------------------------------------------------------
Update Information:
This release of libvirt fixes a minor security problem with extraneous iptables
rules being added when an externally managed network (new feature in 0.9.4)
exists, along with several bugfixes. Another important change in this release is
code to automatically convert guest definitions containing the deprecated
"fedora-13" machine type over to "pc-0.14" - support for the "fedora-13" machine
type will be removed from qemu in Fedora 17, so all guests will need to be
reconfigured before that time; the code in this update handles the
reconfiguration automatically.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 19 2011 Laine Stump - 0.9.6-4
- replace "fedora-13" machine type with "pc-0.14" to prepare
systems for removal of "fedora-13" from qemu - Bug 754772
- don't add iptables rules for externally managed networks
- Bug 765964 / CVE-2011-4600
- specfile changes
- Bug 761329 don't use chkconfig --list
- Bug 758896 mark directories in /var/run as ghosts
- Bug 738725 fix logic bug in deciding to turn on cgconfig
- Bug 754909 add dmidecode as a prerequisite
- new async-safe time API + make logging async signal safe wrt.
time stamp generation - Bug 757382 (this required
enabling autoconf during the build)
* Tue Oct 11 2011 Dan HorÄ