Debian: DSA-2650-2: libvirt regression update

The recent security update for libvirt was found to cause a regression. The kvm/qemu processes weren't run as the `kvm` user anymore in order to fix the file/device ownership changes, but the processes where not correctly configured to use the `kvm` group either. When the user would

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2650-2                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                         Yves-Alexis Perez
March 17, 2013                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvirt
Vulnerability  : files and device nodes ownership change to kvm group
Problem type   : local
Debian-specific: yes
CVE ID         : CVE-2013-1766
Debian Bug     : 701649

The recent security update for libvirt was found to cause a regression.
The kvm/qemu processes weren't run as the `kvm` user anymore in order to
fix the file/device ownership changes, but the processes where not
correctly configured to use the `kvm` group either. When the user would
try to run a virtual machine, the process was denied access to the
/dev/kvm device node, preventing the virtual machine to run.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze5.

We recommend that you upgrade your libvirt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.