Description
ELSA-2009-0382: libvirt security update (MODERATE)
[0.3.3-14.0.1.el5_3.1]
- Replaced docs/redhat.gif in tarball
[0.3.3-14.el5_3.1]
- Add missing readonly checks for APIs (CVE-2008-5086)
- Add missing buf check in proxy daemon (CVE-2009-0036)
Updated packages
Oracle Linux 5
Oracle Linux x86_64
- libvirt 0.3.3-14.0.1.el5_3.1
- libvirt-devel 0.3.3-14.0.1.el5_3.1
- libvirt-python 0.3.3-14.0.1.el5_3.1
Oracle Linux i386
- libvirt 0.3.3-14.0.1.el5_3.1
- libvirt-devel 0.3.3-14.0.1.el5_3.1
- libvirt-python 0.3.3-14.0.1.el5_3.1
Related CVEs
Related vulnerabilities
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.