Ubuntu Update For Libvirt USN-2209-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456) Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-7336)

Affected

libvirt on Ubuntu 13.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-May/002509.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6456, CVE-2013-7336
CVSS Base Score: 5.8
AV:A/AC:M/Au:S/C:N/I:P/A:C

Related Vulnerabilities

Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for dbus vulnerabilities USN-653-1
Ubuntu Update for bind9 USN-1264-1
Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
Ubuntu Update for bind9 vulnerability USN-622-1

Ubuntu Update for libvirt USN-2209-1

Take action and discover your vulnerabilities