Ubuntu 1008-4: libvirt regression

    Date: 08 Nov 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-1008-4          November 08, 2010
    libvirt regression
    https://launchpad.net/bugs/665531
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      libvirt0                        0.7.5-5ubuntu27.7
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for
    CVE-2010-2238 changed the behavior of libvirt such that the domain
    XML could not specify 'host_device' as the qemu sub-type. While libvirt
    0.8.3 and later will no longer support specifying this sub-type, this
    update restores the old behavior on Ubuntu 10.04 LTS.
    
    We apologize for the inconvenience.
    
    Original advisory details:
    
     It was discovered that libvirt would probe disk backing stores without
     consulting the defined format for the disk. A privileged attacker in the
     guest could exploit this to read arbitrary files on the host. This issue
     only affected Ubuntu 10.04 LTS. By default, guests are confined by an
     AppArmor profile which provided partial protection against this flaw.
     (CVE-2010-2237, CVE-2010-2238)
     
     It was discovered that libvirt would create new VMs without setting a
     backing store format. A privileged attacker in the guest could exploit this
     to read arbitrary files on the host. This issue did not affect Ubuntu 8.04
     LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile
     which provided partial protection against this flaw. (CVE-2010-2239)
     
     Jeremy Nickurak discovered that libvirt created iptables rules with too
     lenient mappings of source ports. A privileged attacker in the guest could
     bypass intended restrictions to access privileged resources on the host.
     (CVE-2010-2242)
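
An added example (not part of the advisory and not libvirt's own code): a Python check over domain XML that flags disks carrying no defined format in `<driver type=...>`, the value the original flaw failed to consult, and disks that still use the 'host_device' sub-type that libvirt 0.8.3 and later will not accept. The sample XML, its paths and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the advisory or the bug report).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>constructed-guest</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/a.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/b.img'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='qemu' type='host_device'/>
      <source dev='/dev/vg0/guest'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""


def audit_disks(domain_xml):
    """Return (target_dev, finding) pairs for disks whose format needs review."""
    findings = []
    root = ET.fromstring(domain_xml)
    for disk in root.findall("./devices/disk"):
        target = disk.find("target")
        dev = target.get("dev", "?") if target is not None else "?"
        driver = disk.find("driver")
        fmt = driver.get("type") if driver is not None else None
        if not fmt:
            # No defined format for this disk in the domain XML.
            findings.append((dev, "no-explicit-format"))
        elif fmt == "host_device":
            # Accepted again on 10.04 LTS by this update, but not by 0.8.3+.
            findings.append((dev, "host_device-subtype"))
    return findings


if __name__ == "__main__":
    for dev, finding in audit_disks(SAMPLE_DOMAIN_XML):
        print(f"{dev}: {finding}")
```

Run it against the output of `virsh dumpxml` for each guest to find definitions to review before moving to a newer libvirt.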
    
    
    Updated packages for Ubuntu 10.04 LTS:
    
    
    
    
    