Fedora alert FEDORA-2011-4870 (libvirt)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 13 Update: libvirt-0.8.2-6.fc13 | |
| Date: | Mon, 18 Apr 2011 21:23:20 +0000 | |
| Message-ID: | <20110418212320.C9820110ACB@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-4870 2011-04-06 21:47:24 -------------------------------------------------------------------------------- Name : libvirt Product : Fedora 13 Version : 0.8.2 Release : 6.fc13 URL : http://libvirt.org/ Summary : Library providing a simple API virtualization Description : Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. -------------------------------------------------------------------------------- Update Information: Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe Fix specfile to create /var/lib/libvirt with proper permissions. fix a lack of API check on read-only connections this build fix one crash in the the error handling fix a lack of API check on read-only connections -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-6 - Add changes to fedora-specific libvirt.spec forgotten in 0.8.2-4 * Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-5 - Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe, bug 693457 * Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.2-4 - fix permissions on /var/lib/libvirt * Wed Mar 16 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-3 - fix one crash in the the error handling for previous patch * Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> - 0.8.2-2 - Fix for CVE-2011-1146, missing checks on read-only connections bug 683655 * Thu Jun 17 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-5.fc13 - Add qemu.conf options for audio workaround - Fix parsing certain USB sysfs files (bz 598272) - Sanitize pool target paths (bz 494005) - Add qemu.conf for clear emulator capabilities - Prevent libvirtd inside a VM from breaking network access (bz 235961) - Mention --all in 'virsh list' docs (bz 575512) - Initscript fixes (bz 565238) - List wireless interfaces via nodedev-list (bz 596928) * Tue May 18 2010 Cole Robinson <crobinso@redhat.com> - 0.7.7-4.fc13 - Fix nodedev XML conversion errors (bz 591262) - Fix PCI xml decimal parsing (bz 582752) - Fix CDROM media connect/eject (bz 582005) - Always report qemu startup output on error (bz 581381) - Fix crash from 'virsh dominfo' if secdriver disabled (bz 581166) -------------------------------------------------------------------------------- References: [ 1 ] Bug #693391 - CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe https://bugzilla.redhat.com/show_bug.cgi?id=693391 [ 2 ] Bug #683650 - CVE-2011-1146 libvirt: several API calls do not honour read-only connection https://bugzilla.redhat.com/show_bug.cgi?id=683650 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libvirt' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...