CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Debian Security Advisory DSA-2650-2 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
March 17, 2013 http://www.debian.org/security/faq
Package : libvirt
Vulnerability : files and device nodes ownership change to kvm group
Problem type : local
Debian-specific: yes
CVE ID : CVE-2013-1766
Debian Bug : 701649
The recent security update for libvirt was found to cause a regression.
The kvm/qemu processes weren't run as the kvm
user anymore in order to
fix the file/device ownership changes, but the processes where not
correctly configured to use the kvm
group either. When the user would
try to run a virtual machine, the process was denied access to the
/dev/kvm device node, preventing the virtual machine to run.
For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze5.
We recommend that you upgrade your libvirt packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | i386 | libvirt0 | < 0.8.3-5+squeeze4 | libvirt0_0.8.3-5+squeeze4_i386.deb |
Debian | 6 | mipsel | python-libvirt | < 0.8.3-5+squeeze4 | python-libvirt_0.8.3-5+squeeze4_mipsel.deb |
Debian | 6 | mipsel | libvirt-bin | < 0.8.3-5+squeeze4 | libvirt-bin_0.8.3-5+squeeze4_mipsel.deb |
Debian | 6 | sparc | libvirt-bin | < 0.8.3-5+squeeze4 | libvirt-bin_0.8.3-5+squeeze4_sparc.deb |
Debian | 6 | ia64 | libvirt0-dbg | < 0.8.3-5+squeeze4 | libvirt0-dbg_0.8.3-5+squeeze4_ia64.deb |
Debian | 6 | amd64 | libvirt0-dbg | < 0.8.3-5+squeeze4 | libvirt0-dbg_0.8.3-5+squeeze4_amd64.deb |
Debian | 6 | armel | libvirt0 | < 0.8.3-5+squeeze4 | libvirt0_0.8.3-5+squeeze4_armel.deb |
Debian | 6 | armel | libvirt-dev | < 0.8.3-5+squeeze4 | libvirt-dev_0.8.3-5+squeeze4_armel.deb |
Debian | 6 | powerpc | libvirt-bin | < 0.8.3-5+squeeze4 | libvirt-bin_0.8.3-5+squeeze4_powerpc.deb |
Debian | 6 | mipsel | libvirt-dev | < 0.8.3-5+squeeze4 | libvirt-dev_0.8.3-5+squeeze4_mipsel.deb |