Scientific Linux alert SL-libv-20130128 (libvirt) [LWN.net]


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
	<SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> 
Subject:
    	       Security ERRATA Important: libvirt on SL6.x i386/x86_64 
Date:
    	       Mon, 28 Jan 2013 14:39:37 -0600
Message-ID:
    	       <5106E209.4010803@fnal.gov>
Archive-link:
    	       Article, Thread
              
Synopsis:          Important: libvirt security update
Issue Date:        2013-01-28
CVE Numbers:       CVE-2013-0170
--

A flaw was found in the way libvirtd handled connection cleanup (when a
connection was being closed) under certain error conditions. A remote 
attacker
able to establish a read-only connection to libvirtd could use this flaw to
crash libvirtd or, potentially, execute arbitrary code with the 
privileges of
the root user. (CVE-2013-0170)

After installing the updated packages, libvirtd will be restarted
automatically.
--

SL6
   x86_64
     libvirt-0.9.10-21.el6_3.8.x86_64.rpm
     libvirt-client-0.9.10-21.el6_3.8.i686.rpm
     libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm
     libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm
     libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm
     libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm
     libvirt-devel-0.9.10-21.el6_3.8.i686.rpm
     libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm
     libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm
   i386
     libvirt-0.9.10-21.el6_3.8.i686.rpm
     libvirt-client-0.9.10-21.el6_3.8.i686.rpm
     libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm
     libvirt-python-0.9.10-21.el6_3.8.i686.rpm
     libvirt-devel-0.9.10-21.el6_3.8.i686.rpm

- Scientific Linux Development Team
(Log in to post comments)