CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.3%
CentOS Errata and Security Advisory CESA-2013:0199
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.
A flaw was found in the way libvirtd handled connection cleanup (when a
connection was being closed) under certain error conditions. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to crash libvirtd or, potentially, execute arbitrary code with
the privileges of the root user. (CVE-2013-0170)
This issue was discovered by Tingting Zheng of Red Hat.
All users of libvirt are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, libvirtd will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-January/081377.html
Affected packages:
libvirt
libvirt-client
libvirt-devel
libvirt-lock-sanlock
libvirt-python
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0199
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | libvirt | < 0.9.10-21.el6_3.8 | libvirt-0.9.10-21.el6_3.8.i686.rpm |
CentOS | 6 | i686 | libvirt-client | < 0.9.10-21.el6_3.8 | libvirt-client-0.9.10-21.el6_3.8.i686.rpm |
CentOS | 6 | i686 | libvirt-devel | < 0.9.10-21.el6_3.8 | libvirt-devel-0.9.10-21.el6_3.8.i686.rpm |
CentOS | 6 | i686 | libvirt-python | < 0.9.10-21.el6_3.8 | libvirt-python-0.9.10-21.el6_3.8.i686.rpm |
CentOS | 6 | x86_64 | libvirt | < 0.9.10-21.el6_3.8 | libvirt-0.9.10-21.el6_3.8.x86_64.rpm |
CentOS | 6 | i686 | libvirt-client | < 0.9.10-21.el6_3.8 | libvirt-client-0.9.10-21.el6_3.8.i686.rpm |
CentOS | 6 | x86_64 | libvirt-client | < 0.9.10-21.el6_3.8 | libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm |
CentOS | 6 | i686 | libvirt-devel | < 0.9.10-21.el6_3.8 | libvirt-devel-0.9.10-21.el6_3.8.i686.rpm |
CentOS | 6 | x86_64 | libvirt-devel | < 0.9.10-21.el6_3.8 | libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm |
CentOS | 6 | x86_64 | libvirt-lock-sanlock | < 0.9.10-21.el6_3.8 | libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm |