=========================================================== Ubuntu Security Notice USN-694-1 December 18, 2008 libvirt vulnerability CVE-2008-5086 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: libvirt0 0.3.0-0ubuntu2.1 Ubuntu 8.04 LTS: libvirt0 0.4.0-2ubuntu8.1 Ubuntu 8.10: libvirt0 0.4.4-3ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating virtual machines, adjusting autostart flags, or accessing privileged data in the virtual machine memory and disks. Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.3.0-0ubuntu2.1.diff.gz Size/MD5: 3544 e3f113d1e263a8a5b2b831de6d242d1b http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.3.0-0ubuntu2.1.dsc Size/MD5: 808 df2b4d52fcdba599d46d3316b13458ff http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.3.0.orig.tar.gz Size/MD5: 2265548 e6a85e2ef99f985a298376e01fcc7a3c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_amd64.deb Size/MD5: 230520 783cfc179c03e40500fc1a1a3354dac4 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_amd64.deb Size/MD5: 186806 4d7e7f531ad07b08264856bf9762dc20 http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_amd64.deb Size/MD5: 136992 27a0e129f38e57faae36b0adf6e1b000 http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_amd64.deb Size/MD5: 86872 1da16e06104d27759886b575d2b73f8f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_i386.deb Size/MD5: 217692 56dd66f156bee8b01f4b68e23e2811d3 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_i386.deb Size/MD5: 186672 3a708d77e58e68b4009937ae9500f8e6 http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_i386.deb Size/MD5: 135332 69ba54123bc7cb52eebac54313ff6001 http://security.ubuntu.com/ubuntu/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_i386.deb Size/MD5: 85340 c67f3ea7487e838af3ee7a0a21be4241 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.3.0-0ubuntu2.1_lpia.deb Size/MD5: 232922 d16c1c0f50b965c2f8a0663995764b5f http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.3.0-0ubuntu2.1_lpia.deb Size/MD5: 198292 ff4ab36c840d51a92bc76d18aedba3c4 http://ports.ubuntu.com/pool/universe/libv/libvirt/libvirt-bin_0.3.0-0ubuntu2.1_lpia.deb Size/MD5: 142812 51aec3c2358e54a10783d6c14dcbfab1 http://ports.ubuntu.com/pool/universe/libv/libvirt/python-libvirt_0.3.0-0ubuntu2.1_lpia.deb Size/MD5: 87042 80be0e16045d055f1afa897091a446bc Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0-2ubuntu8.1.diff.gz Size/MD5: 18325 d9c67215893dd4041c4a114d7b8feddf http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0-2ubuntu8.1.dsc Size/MD5: 1080 360545d20502031bab8c298c71707346 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0.orig.tar.gz Size/MD5: 2968326 2f6c6adb62145988f0e5021e5cbd71d3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.0-2ubuntu8.1_all.deb Size/MD5: 303538 bbc86d969cd89c814fbd2dcaed27d3c0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.0-2ubuntu8.1_amd64.deb Size/MD5: 89346 7e272e9e45d8d76bfd7ffcf48fc6ec0f http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.0-2ubuntu8.1_amd64.deb Size/MD5: 225052 3188ff93f87ddcc2a448db87c1d94272 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.0-2ubuntu8.1_amd64.deb Size/MD5: 550738 b9ab13df10f0ab9d50e0311a8e99636c http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.0-2ubuntu8.1_amd64.deb Size/MD5: 181422 4fdc4326e58624f344e5abf0c893b4c2 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.0-2ubuntu8.1_amd64.deb Size/MD5: 26482 8f0ded14f5b5a572de118fe7632ba903 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.0-2ubuntu8.1_i386.deb Size/MD5: 87386 bed95289533ed96b9518e5b6d52d8bea http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.0-2ubuntu8.1_i386.deb Size/MD5: 210544 e43f0446b54551f671c31e893d245e09 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.0-2ubuntu8.1_i386.deb Size/MD5: 534654 e2fb5196f66c389ff69fcf7262216bcf http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.0-2ubuntu8.1_i386.deb Size/MD5: 183312 762d3786d854f593c9735642ff0bbe24 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.0-2ubuntu8.1_i386.deb Size/MD5: 25846 5f1bb3a6bc65ae5bca7cb76dcadb3e02 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.4-3ubuntu3.1.diff.gz Size/MD5: 14706 60aca6eb756f2b5ef1914b9c5e641eab http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.4-3ubuntu3.1.dsc Size/MD5: 1690 7a27ebcbcc5c4aa7536443275a88a93a http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.4.orig.tar.gz Size/MD5: 4944817 9407900dc16e0ba9ea3eec3cf0a56674 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.4-3ubuntu3.1_all.deb Size/MD5: 529994 c4da663af5f51d19b1976de2e1e501cb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_amd64.deb Size/MD5: 108322 3f5e5e01a17839d7a909c768b25946c6 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_amd64.deb Size/MD5: 323936 2aaa8cd46a2c9a6a6befad16a39c4751 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_amd64.deb Size/MD5: 543058 59721bbd35efdaf14181f7558fe5f02c http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_amd64.deb Size/MD5: 262618 41666638ec2bf777abe8c13cae232fe5 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_amd64.deb Size/MD5: 35546 b2fac337b7fa6c79fa4f51b851928ec8 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_i386.deb Size/MD5: 106248 9feae832c4c0a9de5b5668ac52f36b0d http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_i386.deb Size/MD5: 299792 b6bb985c828468c1d3ab9aec6c0957a4 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_i386.deb Size/MD5: 513800 4bcaaaeda8289387dc85b2aec8e18c47 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_i386.deb Size/MD5: 260392 ab932146ef2f1bf627667bfaa84ff9b1 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_i386.deb Size/MD5: 34736 56936e79012aa78f18113fc054449a89 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_lpia.deb Size/MD5: 113140 cb82af80e45804e03076e87002673ae6 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_lpia.deb Size/MD5: 231974 8f6cf8b3e653c771a280dcf4fff76981 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_lpia.deb Size/MD5: 397586 0dfb5e4ba19ee7177473d7ccd853ecc7 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_lpia.deb Size/MD5: 204848 0bd86d778d0761790b8edb193ad4097c http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_lpia.deb Size/MD5: 35568 99c4d427be71096e305117720c7d2bb7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_powerpc.deb Size/MD5: 116998 85c73a341c3e878469688d5a9a4d2192 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_powerpc.deb Size/MD5: 264734 812e787c2297e53d1d306f0efaef6a67 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_powerpc.deb Size/MD5: 396052 42ecd75ca1b7fc715cc47341e7b0136f http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_powerpc.deb Size/MD5: 209038 33e24711251d3fb3ec22e896e217e652 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_powerpc.deb Size/MD5: 38886 2445e68554032edddff09eea87876e23 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.4.4-3ubuntu3.1_sparc.deb Size/MD5: 105234 28c98c3deb0bc9fda4995a9122249cb3 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.4.4-3ubuntu3.1_sparc.deb Size/MD5: 234124 11dabeeb53160aba5f8d9810be054a9e http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.4.4-3ubuntu3.1_sparc.deb Size/MD5: 360166 0d060a3f9a44876960e27135e0adf947 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.4.4-3ubuntu3.1_sparc.deb Size/MD5: 190442 0edb2323b583de2e3e47622155cd3cf9 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.4.4-3ubuntu3.1_sparc.deb Size/MD5: 34592 9120adbaac3f7ae105863005c893be07
Attachment:
signature.asc
Description: Digital signature