Issued:
2011-05-02
Updated:
2011-05-02

RHSA-2011:0478 - Security Advisory

Synopsis

Moderate: libvirt security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libvirt packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

A flaw was found in the way libvirtd handled error reporting for concurrent
connections. A remote attacker able to establish read-only connections to
libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 i386
  • Red Hat Enterprise Linux Server - AUS 5.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.6 ia64
  • Red Hat Enterprise Linux Server - AUS 5.6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386

Fixes

  • BZ - 693391 - CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe

Red Hat Enterprise Linux Server 5

SRPM
libvirt-0.8.2-15.el5_6.4.src.rpm SHA-256: b9b33f8c4c75309a9ef150dc219478c4f4c4f1045d3d503b22c2b09140b88ba3
x86_64
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: bde486205d83da8da3a32e7b44d8d234a94a1aa4c2665eea94174702f077fad3
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-devel-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 5dfdf964891ae3149c293317b6c08b255ed80b80001a71d4bb6ef9e79ca46131
libvirt-python-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 97f1f37002379842e96791b0cb42c39f451dd83a1da16015a59c5a0b0e34d429
ia64
libvirt-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 1a30ee9c1152083ff318d2997b1a2b3d74da974d482493e11d08f9716b82b217
libvirt-devel-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 5ed3f943ad6794d049519f2d27b8bcdcb70d1286393992605ea4cf65f3ea701f
libvirt-python-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 4c52282fb8b85b781d97513eff5617b3715f3ef86b0ebc566abb2f18d8681026
i386
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-python-0.8.2-15.el5_6.4.i386.rpm SHA-256: 3c46b250fc42d0fa9b47f88cbde60873bc59bfb02a402313cd2bee5b1c5e48a5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6

SRPM
libvirt-0.8.2-15.el5_6.4.src.rpm SHA-256: b9b33f8c4c75309a9ef150dc219478c4f4c4f1045d3d503b22c2b09140b88ba3
x86_64
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: bde486205d83da8da3a32e7b44d8d234a94a1aa4c2665eea94174702f077fad3
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-devel-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 5dfdf964891ae3149c293317b6c08b255ed80b80001a71d4bb6ef9e79ca46131
libvirt-python-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 97f1f37002379842e96791b0cb42c39f451dd83a1da16015a59c5a0b0e34d429
ia64
libvirt-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 1a30ee9c1152083ff318d2997b1a2b3d74da974d482493e11d08f9716b82b217
libvirt-devel-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 5ed3f943ad6794d049519f2d27b8bcdcb70d1286393992605ea4cf65f3ea701f
libvirt-python-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 4c52282fb8b85b781d97513eff5617b3715f3ef86b0ebc566abb2f18d8681026
i386
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-python-0.8.2-15.el5_6.4.i386.rpm SHA-256: 3c46b250fc42d0fa9b47f88cbde60873bc59bfb02a402313cd2bee5b1c5e48a5

Red Hat Enterprise Linux Server - AUS 5.6

SRPM
libvirt-0.8.2-15.el5_6.4.src.rpm SHA-256: b9b33f8c4c75309a9ef150dc219478c4f4c4f1045d3d503b22c2b09140b88ba3
x86_64
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: bde486205d83da8da3a32e7b44d8d234a94a1aa4c2665eea94174702f077fad3
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-devel-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 5dfdf964891ae3149c293317b6c08b255ed80b80001a71d4bb6ef9e79ca46131
libvirt-python-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 97f1f37002379842e96791b0cb42c39f451dd83a1da16015a59c5a0b0e34d429
ia64
libvirt-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 1a30ee9c1152083ff318d2997b1a2b3d74da974d482493e11d08f9716b82b217
libvirt-devel-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 5ed3f943ad6794d049519f2d27b8bcdcb70d1286393992605ea4cf65f3ea701f
libvirt-python-0.8.2-15.el5_6.4.ia64.rpm SHA-256: 4c52282fb8b85b781d97513eff5617b3715f3ef86b0ebc566abb2f18d8681026
i386
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-python-0.8.2-15.el5_6.4.i386.rpm SHA-256: 3c46b250fc42d0fa9b47f88cbde60873bc59bfb02a402313cd2bee5b1c5e48a5

Red Hat Enterprise Linux Workstation 5

SRPM
libvirt-0.8.2-15.el5_6.4.src.rpm SHA-256: b9b33f8c4c75309a9ef150dc219478c4f4c4f1045d3d503b22c2b09140b88ba3
x86_64
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: bde486205d83da8da3a32e7b44d8d234a94a1aa4c2665eea94174702f077fad3
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-devel-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 5dfdf964891ae3149c293317b6c08b255ed80b80001a71d4bb6ef9e79ca46131
libvirt-python-0.8.2-15.el5_6.4.x86_64.rpm SHA-256: 97f1f37002379842e96791b0cb42c39f451dd83a1da16015a59c5a0b0e34d429
i386
libvirt-0.8.2-15.el5_6.4.i386.rpm SHA-256: faf5c474785d2fbae2608026ec0637cc3f02aae605f13a99d4e5bc1b23e83532
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm SHA-256: 9ebdfbf3a26894e87dd8d28e522494c60b28a3ad488fa2c3f07bd333f48052f3
libvirt-python-0.8.2-15.el5_6.4.i386.rpm SHA-256: 3c46b250fc42d0fa9b47f88cbde60873bc59bfb02a402313cd2bee5b1c5e48a5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.