USN-2404-1: libvirt vulnerabilities
11 November 2014
Several security issues were fixed in libvirt.
- libvirt - Libvirt virtualization toolkit
Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.