libvirt: update- Multiple Vulnerabilities

Users of libvirt please be advised of update – Multiple Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

USN-1008-3: [USN-1008-3] libvirt update – Multiple Issues
advisory details:

It was discovered that libvirt would probe disk backing stores without

consulting the defined format for the disk. A privileged attacker in the

guest could exploit this to read arbitrary files on the host. This issue

only affected Ubuntu 10.04 LTS. By default, guests are confined by an

AppArmor profile which provided partial protection against this flaw.

(CVE-2010-2237, CVE-2010-2238)

Jeremy Nickurak discovered that libvirt created iptables rules with too

lenient mappings of source ports. A privileged attacker in the guest could

bypass intended restrictions to access privileged resources on the host.

(CVE-2010-2242)Read more at http://www.criticalwatch.com
 

Advertisements