CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.6%
Debian Security Advisory DSA-2280-1 [email protected]
http://www.debian.org/security/ Steffen Joeris
July 19, 2011 http://www.debian.org/security/faq
Package : libvirt
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2011-2511 CVE-2011-1486
Debian Bugs : 633630 623222
It was discovered that libvirt, a library for interfacing with different
virtualization systems, is prone to an integer overflow (CVE-2011-2511).
Additionally, the stable version is prone to a denial of service,
because its error reporting is not thread-safe (CVE-2011-1486).
For the stable distribution (squeeze), these problems have been fixed in
version 0.8.3-5+squeeze2.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.4.6-10+lenny2.
For the testing distribution (wheezy), these problems will fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 0.9.2-7).
We recommend that you upgrade your libvirt packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | i386 | libvirt0 | < 0.8.3-5+squeeze2 | libvirt0_0.8.3-5+squeeze2_i386.deb |
Debian | 6 | s390 | libvirt-bin | < 0.8.3-5+squeeze2 | libvirt-bin_0.8.3-5+squeeze2_s390.deb |
Debian | 5 | mips | libvirt0-dbg | < 0.4.6-10+lenny2 | libvirt0-dbg_0.4.6-10+lenny2_mips.deb |
Debian | 6 | powerpc | libvirt-bin | < 0.8.3-5+squeeze2 | libvirt-bin_0.8.3-5+squeeze2_powerpc.deb |
Debian | 5 | powerpc | python-libvirt | < 0.4.6-10+lenny2 | python-libvirt_0.4.6-10+lenny2_powerpc.deb |
Debian | 5 | sparc | python-libvirt | < 0.4.6-10+lenny2 | python-libvirt_0.4.6-10+lenny2_sparc.deb |
Debian | 5 | powerpc | libvirt-dev | < 0.4.6-10+lenny2 | libvirt-dev_0.4.6-10+lenny2_powerpc.deb |
Debian | 5 | i386 | libvirt0 | < 0.4.6-10+lenny2 | libvirt0_0.4.6-10+lenny2_i386.deb |
Debian | 6 | armel | libvirt0 | < 0.8.3-5+squeeze2 | libvirt0_0.8.3-5+squeeze2_armel.deb |
Debian | 6 | s390 | libvirt-dev | < 0.8.3-5+squeeze2 | libvirt-dev_0.8.3-5+squeeze2_s390.deb |