Debian Security Advisory

DSA-2280-1 libvirt -- several vulnerabilities

Date Reported:
19 Jul 2011
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 633630, Bug 623222.
In Mitre's CVE dictionary: CVE-2011-2511, CVE-2011-1486.
More information:

It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511). Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486).

For the stable distribution (squeeze), these problems have been fixed in version 0.8.3-5+squeeze2.

For the oldstable distribution (lenny), this problem has been fixed in version 0.4.6-10+lenny2.

For the testing distribution (wheezy), these problems will fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 0.9.2-7).

We recommend that you upgrade your libvirt packages.