Oval Definition: oval:com.redhat.rhsa:def:20130127
Revision Date: 2013-01-08
Version: 636
Title: RHSA-2013:0127: libvirt security and bug fix update (Low)
Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

  • Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device. (CVE-2012-2693)

    This update also fixes the following bugs:

  • Previously, the libvirtd library failed to set the autostart flags for already defined QEMU domains. This bug has been fixed, and the domains can now be successfully marked as autostarted. (BZ#675319)

  • Prior to this update, the virFileAbsPath() function was not taking into account the slash ("/") directory separator when allocating memory for combining the cwd() function and a path. This behavior could lead to memory corruption. With this update, a transformation to the virAsprintf() function has been introduced into virFileAbsPath(). As a result, the aforementioned behavior no longer occurs. (BZ#680289)

  • With this update, a man page of the virsh user interface has been enhanced with information on the "domxml-from-native" and "domxml-to-native" commands. A correct notation of the format argument has been clarified. As a result, confusion is avoided when setting the format argument in the described commands. (BZ#783001)

    All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2012-2693
    RHSA-2013:0127
    RHSA-2013:0127-00
    RHSA-2013:0127-01
    Platform(s): Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libvirt is earlier than 0:0.8.2-29.el5
  • AND libvirt is signed with Red Hat redhatrelease2 key
  • libvirt-devel is earlier than 0:0.8.2-29.el5
  • AND libvirt-devel is signed with Red Hat redhatrelease2 key
  • libvirt-python is earlier than 0:0.8.2-29.el5
  • AND libvirt-python is signed with Red Hat redhatrelease2 key