User: Password:
|
|
Subscribe / Log in / New account

Pardus alert 2011-102 (libvirt)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-102] libvirt: Multiple Vulnerabilities
Date:  Thu, 4 Aug 2011 14:28:11 +0300
Message-ID:  <201108041428.11216.meltem@pardus.org.tr>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-102 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-08-04 Type: Remote ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in libvirt. Description =========== CVE-2011-1486: When several libvirtd threads are reporting errors at the same time, the errors can get mixed or corrupted, potentially leading to a libvirtd crash (DoS). CVE-2011-1146: It has been found that several libvirt API calls (virNodeDeviceDettach, virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did notm honour read-only connection. Remote attacker could use this flaw to crash the host server (DoS) Affected packages: Pardus 2009: libvirt, all before 0.8.7-14-8 Resolution ========== There are update(s) for libvirt. You can update them via Package Manager or with a single command from console: pisi up libvirt References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17670 * http://bugs.pardus.org.tr/show_bug.cgi?id=17336 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds