CentOS Update for libvirt CESA-2011:0391 centos5 i386

Solution
Please Install the Updated Packages.
Insight
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a denial of service or privilege escalation. (CVE-2011-1146) Note: Previously, using rpmbuild without the '--define &quot rhel 5&quot ' option to build the libvirt source RPM on Red Hat Enterprise Linux 5 failed with a &quot Failed build dependencies&quot error for the device-mapper-devel package, as this -devel sub-package is not available on Red Hat Enterprise Linux 5. With this update, the -devel sub-package is no longer checked by default as a dependency when building on Red Hat Enterprise Linux 5, allowing the libvirt source RPM to build as expected. All libvirt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, libvirtd must be restarted (&quot service libvirtd restart&quot ) for this update to take effect.
Affected
libvirt on CentOS 5
References