libvirt-0.3.3-14.1.1AXS3
エラータID: AXSA:2009-33:01
リリース日:
2009/04/15 Wednesday - 11:21
題名:
libvirt-0.3.3-14.1.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libvirt には、接続が読み込みのみかどうかをチェックしないため、アクセス制限を回避される脆弱性が存在します。(CVE-2008-5086)
- libvirt の proxy/libvirt_proxy.c における proxyReadClientSocket 関数には、virProxyPacket パケットのヘッダ部分の処理に不備があるため、バッファオーバーフローの脆弱性が存在します。(CVE-2009-0036)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-5086
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
CVE-2009-0036
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
追加情報:
N/A
ダウンロード:
SRPMS
- libvirt-0.3.3-14.1.1AXS3.src.rpm
MD5: a8c0793a05d73be684b09ed770479c6a
SHA-256: 17d7d9142a6a010884b00c7631be06ccc2fd6194177726f2514406fb144ed76e
Size: 2.49 MB
Asianux Server 3 for x86
- libvirt-0.3.3-14.1.1AXS3.i386.rpm
MD5: c3229bff898ea4f61b22bf85f1c6dd2b
SHA-256: 5ccfb9b795c2a11ea83acfa1e8733bb2d0b971667c1a0b365797bbd566f8c58d
Size: 926.31 kB - libvirt-devel-0.3.3-14.1.1AXS3.i386.rpm
MD5: f49f8287c32c487def73a0c2717fe1c9
SHA-256: 61409725b4ae58b775cb14f84beca2b3c49ed08fb1e7f48dabb92aa7907400a8
Size: 189.29 kB - libvirt-python-0.3.3-14.1.1AXS3.i386.rpm
MD5: 3117d20a36bdfbd6bf1fcb414adcae9d
SHA-256: c1089f4634a3e918818d9e99fad58de12eb8b5ed812e0d863fbf01fce2416e88
Size: 75.97 kB
Asianux Server 3 for x86_64
- libvirt-0.3.3-14.1.1AXS3.x86_64.rpm
MD5: 0cebc5c376a213d91611ec9fc225cc1b
SHA-256: 973c12f419d8207c348cdd8be6e3ee3e61526fdac324c7be5ae47270a176edb2
Size: 925.14 kB - libvirt-devel-0.3.3-14.1.1AXS3.x86_64.rpm
MD5: 96037342fc923fd0089fae2f7fa5f28d
SHA-256: a757d920373d9d7823cf3a5c2e1362f9a8cfd3f844da5a21332952044291c680
Size: 189.21 kB - libvirt-python-0.3.3-14.1.1AXS3.x86_64.rpm
MD5: cf31f8addfeb0bfef61269798263ea9d
SHA-256: 3814265239f3b7b25165923a313f29ccfb4da8d1ab52f06be73645d825468ddf
Size: 75.87 kB