Your submission was sent successfully! Close

USN-2404-1: libvirt vulnerabilities

11 November 2014

Several security issues were fixed in libvirt.



  • libvirt - Libvirt virtualization toolkit


Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.

Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
Ubuntu 14.04

After a standard system update you need to reboot your computer to make
all the necessary changes.