USN-694-1: libvirt vulnerability

18 December 2008

libvirt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10

Software Description

  • libvirt

Details

It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating virtual machines, adjusting autostart flags, or accessing privileged data in the virtual machine memory and disks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
libvirt0 - 0.4.4-3ubuntu3.1
Ubuntu 8.04 LTS
libvirt0 - 0.4.0-2ubuntu8.1
Ubuntu 7.10
libvirt0 - 0.3.0-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References