Gentoo Linux Security Advisory 201202-7 - Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Versions less than 0.9.3-r1 are affected.
174a3477cdb83676abe9282ccb2195b63c18c5ee3d51f67ae0d74c3aeffc9587Debian Linux Security Advisory 2280-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe.
a8af1ed94336383085f411150c93a4f063faf203d3c4596b1b379a23bb1ba268Ubuntu Security Notice 1152-1 - It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. Various other issues were also addressed.
3cbf89bdc62c18839c600f7eb78579d9d936f562297bd8a52e5131244fa6abd7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed