CVE-2011-2178

Published: 10 June 2011

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.

Notes

Author: jdstrand
Note: 0.8.8 through 0.9.1 are affected

Priority

Medium

Status

Package: libvirt (Launchpad, Ubuntu, Debian)

Release     Status
hardy       Ignored (end of life)
lucid       Not vulnerable
maverick    Not vulnerable
natty       Released (0.8.8-1ubuntu6.2)
upstream    Released (0.9.1-2)

Patches:
upstream: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
This vulnerability is mitigated in part by an AppArmor profile.