Ubuntu Update For Libvirt USN-2209-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456) Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-7336)

Affected

libvirt on Ubuntu 13.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-May/002509.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6456, CVE-2013-7336

CVSS	Base Score: 5.8 AV:A/AC:M/Au:S/C:N/I:P/A:C

Related Vulnerabilities

Ubuntu Update for clamav USN-1816-1
Ubuntu Update for cupsys vulnerability USN-606-1
Ubuntu Update for dbus USN-2352-1
Ubuntu Update for dbus USN-1576-1
Ubuntu Update for apt USN-2353-1

Ubuntu Update for libvirt USN-2209-1

Take action and discover your vulnerabilities