libvirt-0.8.2-15.3.0.1.AXS3
エラータID: AXSA:2011-130:02
リリース日:
2011/04/01 Friday - 14:50
題名:
libvirt-0.8.2-15.3.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。<br />
<br />
[Security Fix]<br />
- libvirt の API の libvirt.c はリードオンリーの接続で適切に操作制限をしておらず, (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, (6) virConnectDomainXMLToNative コールによって, リモートの攻撃者がサービス拒否を引き起こしたり, 任意のコードを実行する可能性のある脆弱性があります。 <br />
なお, この脆弱性は CVE-2008-5086 と異なる脆弱性です。(CVE-2011-1146)<br />
<br />
一部CVEの翻訳文はJVNからの引用になります。<br />
http://jvndb.jvn.jp/<br />
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
追加情報:
N/A
ダウンロード:
SRPMS
- libvirt-0.8.2-15.3.0.1.AXS3.src.rpm
MD5: 749ff002799478ca5ff25917d954a4e7
SHA-256: e6db462384fd1bd95bc44949eae38fe06ceec54f2bdbbf8732bcd178cb804520
Size: 11.81 MB
Asianux Server 3 for x86
- libvirt-0.8.2-15.3.0.1.AXS3.i386.rpm
MD5: bb17f76bd10a37b2fb65ccf50dce0530
SHA-256: 57f4d7d6563b6208c5300eac00329f5cdd6fd3b25e853a3a613ea50722d244d0
Size: 3.01 MB - libvirt-devel-0.8.2-15.3.0.1.AXS3.i386.rpm
MD5: 57398b264b23fb2453a829373bfb9491
SHA-256: 05adcdb49db0a818072a1095ac7c222ef8ff0ba776bb92b3efec0982501bd73e
Size: 461.77 kB - libvirt-python-0.8.2-15.3.0.1.AXS3.i386.rpm
MD5: e5171214ec5f61491ff81673291aa372
SHA-256: 9600ad59137d929624e9aa6b73f26ef0253b181d13346d9415b778e5aa7bb710
Size: 234.94 kB
Asianux Server 3 for x86_64
- libvirt-0.8.2-15.3.0.1.AXS3.x86_64.rpm
MD5: a7c3b111ef628499569e6981c50956fa
SHA-256: 17feda6036faff245c2355aca731437fc4dbd7d9766940de596ef3dbb6db27c8
Size: 3.19 MB - libvirt-devel-0.8.2-15.3.0.1.AXS3.x86_64.rpm
MD5: 1b7d8b3e3184fae8fbba52edc8ff79cb
SHA-256: 71cc602e7cda5149da51b875a7479a71c2c7d443cbb7dfcac5917dfb4b309daa
Size: 461.75 kB - libvirt-python-0.8.2-15.3.0.1.AXS3.x86_64.rpm
MD5: 922d8bed93c9b67d81839085f4800c27
SHA-256: 7ab86ce32126ff22c8ce54d1e54ef403b0198cf4592a0cc0bc93fa6648ec3ed2
Size: 236.56 kB