Synopsis: Low: libvirt security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2012-2693
—
Bus and device IDs were ignored when attempting to attach multiple USB devices
with identical vendor or product IDs to a guest. This could result in the wrong
device being attached to a guest, giving that guest root access to the device.
(CVE-2012-2693)
This update also fixes the following bugs:
* Previously, the libvirtd library failed to set the autostart flags for
already defined QEMU domains. This bug has been fixed, and the domains can now
be successfully marked as autostarted.
* Prior to this update, the virFileAbsPath() function was not taking into
account the slash (“/”) directory separator when allocating memory for
combining the cwd() function and a path. This behavior could lead to a memory
corruption. With this update, a transformation to the virAsprintff() function
has been introduced into virFileAbsPath(). As a result, the aforementioned
behavior no longer occurs.
* With this update, a man page of the virsh user interface has been enhanced
with information on the “domxml-from-native” and “domxml-to-native” commands. A
correct notation of the format argument has been clarified. As a result,
confusion is avoided when setting the format argument in the described
commands.
After installing the updated packages, libvirtd will be restarted
automatically.
—
SL5
x86_64
libvirt-0.8.2-29.el5.i386.rpm
libvirt-0.8.2-29.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-29.el5.i386.rpm
libvirt-debuginfo-0.8.2-29.el5.x86_64.rpm
libvirt-devel-0.8.2-29.el5.i386.rpm
libvirt-devel-0.8.2-29.el5.x86_64.rpm
libvirt-python-0.8.2-29.el5.x86_64.rpm
i386
libvirt-0.8.2-29.el5.i386.rpm
libvirt-debuginfo-0.8.2-29.el5.i386.rpm
libvirt-devel-0.8.2-29.el5.i386.rpm
libvirt-python-0.8.2-29.el5.i386.rpm
– Scientific Linux Development Team
