===========================================================
Ubuntu Security Notice USN-1008-4           November 08, 2010
libvirt regression
https://launchpad.net/bugs/665531
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libvirt0                        0.7.5-5ubuntu27.7

In general, a standard system update will make all the necessary
changes.

Details follow:

USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for
CVE-2010-2238 changed the behavior of libvirt such that the domain XML
could not specify 'host_device' as the qemu sub-type. While libvirt
0.8.3 and later will no longer support specifying this sub-type, this
update restores the old behavior on Ubuntu 10.04 LTS.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that libvirt would probe disk backing stores without
 consulting the defined format for the disk. A privileged attacker in
 the guest could exploit this to read arbitrary files on the host. This
 issue only affected Ubuntu 10.04 LTS. By default, guests are confined
 by an AppArmor profile which provided partial protection against this
 flaw. (CVE-2010-2237, CVE-2010-2238)

 It was discovered that libvirt would create new VMs without setting a
 backing store format. A privileged attacker in the guest could exploit
 this to read arbitrary files on the host. This issue did not affect
 Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an
 AppArmor profile which provided partial protection against this flaw.
 (CVE-2010-2239)

 Jeremy Nickurak discovered that libvirt created iptables rules with too
 lenient mappings of source ports. A privileged attacker in the guest
 could bypass intended restrictions to access privileged resources on
 the host.
 (CVE-2010-2242)

Updated packages for Ubuntu 10.04 LTS:
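The backing-store issues described under Details above (CVE-2010-2237, CVE-2010-2238, CVE-2010-2239) arise when a disk's format is left for libvirt to probe rather than declared in the domain XML. As an added defender-side example that is not part of this advisory or of libvirt's own code, the Python audit below walks a domain definition and flags every disk whose `<driver>` element carries no explicit `type`. The sample XML and the set of accepted type names are constructed assumptions; `host_device` is listed only because the advisory states that libvirt on 10.04 LTS accepts it as a qemu sub-type.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the advisory). vda pins its
# format, vdb has a driver with no type, vdc uses the restored 'host_device'
# sub-type, and vdd has no <driver> element at all.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>audit-demo</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/a.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu'/>
      <source file='/var/lib/libvirt/images/b.img'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='qemu' type='host_device'/>
      <source dev='/dev/sdb'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/d.img'/>
      <target dev='vdd' bus='virtio'/>
    </disk>
  </devices>
</domain>"""

# Assumed set of driver types that pin the on-disk format so libvirt does not
# probe it. 'host_device' is included because the advisory says 10.04 LTS
# accepts it; adjust the set to what your libvirt release documents.
EXPLICIT_TYPES = {"raw", "qcow2", "qcow", "vmdk", "vpc", "cow",
                  "host_device", "host_cdrom"}

def audit_disk_drivers(xml_text):
    """Return (target_dev, reason) for each disk whose format is not pinned."""
    root = ET.fromstring(xml_text)
    findings = []
    for disk in root.iter("disk"):
        target = disk.find("target")
        dev = target.get("dev", "?") if target is not None else "?"
        driver = disk.find("driver")
        if driver is None or not driver.get("type"):
            findings.append((dev, "no explicit driver type; backing store would be probed"))
        elif driver.get("type") not in EXPLICIT_TYPES:
            findings.append((dev, "unrecognised driver type %r" % driver.get("type")))
    return findings
```

Running `audit_disk_drivers` over `virsh dumpxml` output for each defined guest gives a quick inventory of disks that still rely on format probing after the update.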
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/