Security Information / 2011 / Security Information -- DSA-2280-1 libvirt

Debian Security Advisory

DSA-2280-1 libvirt -- several vulnerabilities

Date Reported:

19 Jul 2011

Affected Packages:

libvirt

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 633630, Bug 623222.
In Mitre's CVE dictionary: CVE-2011-2511, CVE-2011-1486.

More information:

It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511). Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486).

For the stable distribution (squeeze), these problems have been fixed in version 0.8.3-5+squeeze2.

For the oldstable distribution (lenny), this problem has been fixed in version 0.4.6-10+lenny2.

For the testing distribution (wheezy), these problems will fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 0.9.2-7).

We recommend that you upgrade your libvirt packages.