Ubuntu Security Notice USN-1180-1
28th July, 2011
libvirt vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
An authenticated attacker could send crafted input to libvirt and cause it to crash.
Software description
- libvirt - Libvirt virtualization toolkit
Details
Eric Blake discovered an integer overflow flaw in libvirt. A remote
authenticated attacker could exploit this by sending a crafted VCPU RPC
call and cause a denial of service via application crash.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.04:
- libvirt-bin 0.8.8-1ubuntu6.5
- Ubuntu 10.10:
- libvirt-bin 0.8.3-1ubuntu19.1
- Ubuntu 10.04 LTS:
- libvirt-bin 0.7.5-5ubuntu27.16
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.