Gentoo: GLSA-201202-07: libvirt: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.
Resolution
All libvirt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/libvirt-0.9.3-r1"
References
[ 1 ] CVE-2011-1146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1146 [ 2 ] CVE-2011-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1486 [ 3 ] CVE-2011-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2178 [ 4 ] CVE-2011-2511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2511
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201202-07
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
![Dist Gentoo](/images/distros/dist-gentoo.png)
Synopsis
Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS.
Background
libvirt is a C toolkit to manipulate virtual machines.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/libvirt < 0.9.3-r1 >= 0.9.3-r1
Impact
===== These vulnerabilites allow a remote attacker to cause a Denial of Service condition on the host server or libvirt daemon, or might allow guest OS users to read arbitrary files on the host OS.
Workaround
There is no known workaround at this time.