Description
ELSA-2013-1272: libvirt security and bug fix update (IMPORTANT)
[0.10.2-18.0.1.el6_4.14]
- Replace docs/et.png in tarball with blank image
[0.10.2-18.el6_4.14]
- spec: Update requirements to pick up rebuilt polkit (CVE-2013-4311)
[0.10.2-18.el6_4.13]
- spec: Fix messed up dependency on polkit (CVE-2013-4311)
[0.10.2-18.el6_4.12]
- Introduce APIs for splitting/joining strings (rhbz#1006265)
- Rename virKillProcess to virProcessKill (rhbz#1006265)
- Rename virPid{Abort, Wait} to virProcess{Abort, Wait} (rhbz#1006265)
- Rename virCommandTranslateStatus to virProcessTranslateStatus (rhbz#1006265)
- Move virProcessKill into virprocess.{h, c} (rhbz#1006265)
- Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} (rhbz#1006265)
- Include process start time when doing polkit checks (rhbz#1006265)
- Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
[0.10.2-18.el6_4.11]
- Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
[0.10.2-18.el6_4.10]
- qemu: Avoid leaking uri in qemuMigrationPrepareDirect (rhbz#984578)
- qemu: Fix double free in qemuMigrationPrepareDirect (rhbz#984578) [when parsing a single device (rhbz#1003934)]
- Plug leak in virCgroupMoveTask (rhbz#984556)
- Fix invalid read in virCgroupGetValueStr (rhbz#984561)
Updated packages
Oracle Linux 6
Oracle Linux x86_64
libvirt 0.10.2-18.0.1.el6_4.14
libvirt-client 0.10.2-18.0.1.el6_4.14
libvirt-devel 0.10.2-18.0.1.el6_4.14
libvirt-lock-sanlock 0.10.2-18.0.1.el6_4.14
libvirt-python 0.10.2-18.0.1.el6_4.14
Oracle Linux i686
libvirt 0.10.2-18.0.1.el6_4.14
libvirt-client 0.10.2-18.0.1.el6_4.14
libvirt-devel 0.10.2-18.0.1.el6_4.14
libvirt-python 0.10.2-18.0.1.el6_4.14
Related CVEs
Related vulnerabilities
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.