USN-2026-1: libvirt vulnerability

Ubuntu Security Notice USN-2026-1

11th November, 2013

libvirt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10

Summary

libvirt would allow unintended access privileges.

Software description

  • libvirt - Libvirt virtualization toolkit

Details

It was discovered that libvirt incorrectly checked privileges when the
virConnectDomainXMLToNative API function was used. An attacker could
possibly use this flaw to gain write privileges, contrary to expected
behaviour.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 13.10:
libvirt0 1.1.1-0ubuntu8.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2013-4401