Oval Definition:oval:com.redhat.rhsa:def:20130199
Revision Date:2013-01-28Version:636
Title:RHSA-2013:0199: libvirt security update (Important)
Description:The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

  • A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user. (CVE-2013-0170)

    This issue was discovered by Tingting Zheng of Red Hat.

    All users of libvirt are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, libvirtd will be restarted automatically.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-0170
    CVE-2013-0170
    RHSA-2013:0199
    RHSA-2013:0199-01
    RHSA-2013:0199-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libvirt is earlier than 0:0.9.10-21.el6_3.8
  • AND libvirt is signed with Red Hat redhatrelease2 key
  • libvirt-client is earlier than 0:0.9.10-21.el6_3.8
  • AND libvirt-client is signed with Red Hat redhatrelease2 key
  • libvirt-devel is earlier than 0:0.9.10-21.el6_3.8
  • AND libvirt-devel is signed with Red Hat redhatrelease2 key
  • libvirt-lock-sanlock is earlier than 0:0.9.10-21.el6_3.8
  • AND libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
  • libvirt-python is earlier than 0:0.9.10-21.el6_3.8
  • AND libvirt-python is signed with Red Hat redhatrelease2 key
    • BACK