Pardus alert 2011-102 (libvirt)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2011-102] libvirt: Multiple Vulnerabilities 
Date:
    	     
 
Thu, 4 Aug 2011 14:28:11 +0300
Message-ID:
    	     
 
<201108041428.11216.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-102           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-04
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in libvirt. 


Description
===========

CVE-2011-1486: 

When several libvirtd threads are reporting errors at the same time, the
errors can get mixed or corrupted, potentially leading  to  a  libvirtd 
crash (DoS). 



CVE-2011-1146: 

It has been found that several libvirt API calls (virNodeDeviceDettach, 
virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) 
did notm honour read-only connection. Remote attacker  could  use  this 
flaw to crash the 

host server (DoS) 


Affected packages:

  Pardus 2009:
    libvirt, all before 0.8.7-14-8


Resolution
==========

There are update(s) for libvirt. You can update them via Package Manager
or with a single command from console: 

    pisi up libvirt

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17670
  * http://bugs.pardus.org.tr/show_bug.cgi?id=17336

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security