libvirt Vulnerabilities Closed in All Supported Ubuntu OSes

Users have to upgrade their operating systems in order to fix the problem

By on January 31st, 2014 15:44 GMT

Canonical published details about the libvirt vulnerabilities in its Ubuntu 13.10, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

According to the company, several security issues have been fixed in libvirt.

For example, it has been discovered that libvirt contained multiple race conditions in block device handling. A remote read-only user could use this flaw to cause libvirtd to crash, resulting in a denial of service.

Also, libvirt incorrectly handled certain ACLs. An attacker could use this flaw to possibly obtain certain sensitive information. This issue only affected Ubuntu 13.10.

For a more detailed description of the problems, you can see Canonical's security notification.

The flaws can be fixed if you upgrade your system(s) to the latest libvirt0 and libvirt-bin package specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes and you will have to restart the system.

Comments