Two security flaws have been identified in the libvirt software package for the Fedora 14 operating system. The package allows various virtualization solutions, such as KVM (Kernel-based Virtual Machine) and Xen, to be run through common interfaces. The flaws result from inadequate restriction of operations in the file "libvirt.c" and from an irregularity that manifests during error reporting. They allow an attacker to carry out a DoS attack or run arbitrary code. Reviewing the original advisory is recommended for more details. Users are encouraged to upgrade.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-4896
2011-04-06 21:48:20
--------------------------------------------------------------------------------

Name        : libvirt
Product     : Fedora 14
Version     : 0.8.3
Release     : 9.fc14
URL         : http://libvirt.org/
Summary     : Library providing a simple API virtualization
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe
Fix specfile to create /var/lib/libvirt with proper permissions.
fix a lack of API check on read-only connections
this build fixes one crash in the error handling
fix a lack of API check on read-only connections
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  5 2011 Laine Stump 0.8.3-9
- Fix incorrect release version in specfile ChangeLog
* Tue Apr  5 2011 Laine Stump 0.8.3-8
- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
  bug 693457
* Mon Apr  4 2011 Laine Stump 0.8.3-7
- fix permissions on /var/lib/libvirt
* Wed Mar 16 2011 Daniel Veillard 0.8.3-6
- fix one crash in the error handling for previous patch
* Tue Mar 15 2011 Daniel Veillard 0.8.3-5
- fix a lack of API check on read-only connections 683655
- CVE-2011-1146
* Fri Mar  4 2011 Daniel Veillard 0.8.3-4
- fix problem parsing octal addresses bug 653883
* Wed Sep 29 2010 jkeating - 0.8.3-3.1
- Rebuilt for gcc bug 634757
* Thu Sep 16 2010 Dan Horák <dan[at]danny.cz> - 0.8.3-3
- disable the nwfilterxml2xmltest also on s390(x)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #693391 - CVE-2011-1486 libvirt: error reporting in libvirtd is not
thread safe
        https://bugzilla.redhat.com/show_bug.cgi?id=693391
  [ 2 ] Bug #683650 - CVE-2011-1146 libvirt: several API calls do not honour
read-only connection
        https://bugzilla.redhat.com/show_bug.cgi?id=683650
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libvirt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce