The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.
A flaw was found in the way libvirtd handled connection cleanup (when a
connection was being closed) under certain error conditions. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to crash libvirtd or, potentially, execute arbitrary code with
the privileges of the root user. (CVE-2013-0170)
This issue was discovered by Tingting Zheng of Red Hat.
All users of libvirt are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, libvirtd will be restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | s390x | libvirt-python | < 0.9.10-21.el6_3.8 | libvirt-python-0.9.10-21.el6_3.8.s390x.rpm |
RedHat | 6 | x86_64 | libvirt-debuginfo | < 0.9.10-21.el6_3.8 | libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm |
RedHat | 6 | i686 | libvirt-debuginfo | < 0.9.10-21.el6_3.8 | libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm |
RedHat | 6 | x86_64 | libvirt-client | < 0.9.10-21.el6_3.8 | libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm |
RedHat | 6 | i686 | libvirt-devel | < 0.9.10-21.el6_3.8 | libvirt-devel-0.9.10-21.el6_3.8.i686.rpm |
RedHat | 6 | i686 | libvirt-client | < 0.9.10-21.el6_3.8 | libvirt-client-0.9.10-21.el6_3.8.i686.rpm |
RedHat | 6 | i686 | libvirt-python | < 0.9.10-21.el6_3.8 | libvirt-python-0.9.10-21.el6_3.8.i686.rpm |
RedHat | 6 | s390 | libvirt-debuginfo | < 0.9.10-21.el6_3.8 | libvirt-debuginfo-0.9.10-21.el6_3.8.s390.rpm |
RedHat | 6 | x86_64 | libvirt-python | < 0.9.10-21.el6_3.8 | libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm |
RedHat | 6 | ppc | libvirt-client | < 0.9.10-21.el6_3.8 | libvirt-client-0.9.10-21.el6_3.8.ppc.rpm |