libvirt: firewalled port exposure

Package(s): libvirt
CVE #(s): CVE-2011-4600
Created: January 6, 2012
Updated: January 11, 2012
Description:

From the Fedora advisory:

This release of libvirt fixes a minor security problem with extraneous iptables rules being added when an externally managed network (new feature in 0.9.4) exists.

More information can be found in the Red Hat bugzilla entry.

Alerts:
Fedora FEDORA-2011-17267 2011-12-22

libvirt: Fedora specific bug

Posted Jan 7, 2012 13:00 UTC (Sat) by danpb (subscriber, #4831)

While this post is tagged as CVE-2011-4600, the description text quoted here is not referring to the vulnerability details for that flaw. What is described here is a simple bug that was fixed in Fedora RPMs at the same time as the actual vulnerability fix was released. The actual security flaw description for CVE-2011-4600 is:

"unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network"

due to

"extraneous iptables rules being added when an externally managed network (new feature in 0.9.4) exists,"

This was not a Fedora specific problem - it exists in any libvirt between 0.9.4 and 0.9.9

libvirt: Fedora specific bug

Posted Jan 9, 2012 21:28 UTC (Mon) by jake (editor, #205)

> This was not a Fedora specific problem - it exists in any libvirt
> between 0.9.4 and 0.9.9

Indeed, thanks for the report. I fixed the vulnerability entry.

jake
