Debian Local Security Checks : Debian Security Advisory DSA 2280-1 (libvirt)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69989

Categoría: Debian Local Security Checks

Título: Debian Security Advisory DSA 2280-1 (libvirt)

Resumen: The remote host is missing an update to libvirt;announced via advisory DSA 2280-1.

Descripción: Summary:
The remote host is missing an update to libvirt
announced via advisory DSA 2280-1.

Vulnerability Insight:
It was discovered that libvirt, a library for interfacing with different
virtualization systems, is prone to an integer overflow (CVE-2011-2511).
Additionally, the stable version is prone to a denial of service,
because its error reporting is not thread-safe (CVE-2011-1486).

For the stable distribution (squeeze), these problems have been fixed in
version 0.8.3-5+squeeze2.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.4.6-10+lenny2.

For the testing distribution (wheezy), these problems will fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 0.9.2-7).

Solution:
We recommend that you upgrade your libvirt packages.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2511
Debian Security Information: DSA-2280 (Google Search)
http://www.debian.org/security/2011/dsa-2280
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
http://www.openwall.com/lists/oss-security/2011/06/28/9
http://www.redhat.com/support/errata/RHSA-2011-1019.html
http://www.redhat.com/support/errata/RHSA-2011-1197.html
http://www.securitytracker.com/id?1025822
http://secunia.com/advisories/45375
http://secunia.com/advisories/45441
http://secunia.com/advisories/45446
SuSE Security Announcement: SUSE-SU-2011:0837 (Google Search)
https://hermes.opensuse.org/messages/10027908
http://www.ubuntu.com/usn/USN-1180-1
XForce ISS Database: libvirt-virdomaingetvcpus-bo(68271)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
Common Vulnerability Exposure (CVE) ID: CVE-2011-1486
BugTraq ID: 47148
http://www.securityfocus.com/bid/47148
https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html
http://www.redhat.com/support/errata/RHSA-2011-0478.html
http://www.redhat.com/support/errata/RHSA-2011-0479.html
http://securitytracker.com/id?1025477
http://secunia.com/advisories/44459
http://www.ubuntu.com/usn/USN-1152-1

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69989
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 2280-1 (libvirt)
Resumen:	The remote host is missing an update to libvirt;announced via advisory DSA 2280-1.
Descripción:	Summary: The remote host is missing an update to libvirt announced via advisory DSA 2280-1. Vulnerability Insight: It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511). Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486). For the stable distribution (squeeze), these problems have been fixed in version 0.8.3-5+squeeze2. For the oldstable distribution (lenny), this problem has been fixed in version 0.4.6-10+lenny2. For the testing distribution (wheezy), these problems will fixed soon. For the unstable distribution (sid), these problems have been fixed in version 0.9.2-7). Solution: We recommend that you upgrade your libvirt packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2511 Debian Security Information: DSA-2280 (Google Search) http://www.debian.org/security/2011/dsa-2280 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html http://www.openwall.com/lists/oss-security/2011/06/28/9 http://www.redhat.com/support/errata/RHSA-2011-1019.html http://www.redhat.com/support/errata/RHSA-2011-1197.html http://www.securitytracker.com/id?1025822 http://secunia.com/advisories/45375 http://secunia.com/advisories/45441 http://secunia.com/advisories/45446 SuSE Security Announcement: SUSE-SU-2011:0837 (Google Search) https://hermes.opensuse.org/messages/10027908 http://www.ubuntu.com/usn/USN-1180-1 XForce ISS Database: libvirt-virdomaingetvcpus-bo(68271) https://exchange.xforce.ibmcloud.com/vulnerabilities/68271 Common Vulnerability Exposure (CVE) ID: CVE-2011-1486 BugTraq ID: 47148 http://www.securityfocus.com/bid/47148 https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html http://www.redhat.com/support/errata/RHSA-2011-0478.html http://www.redhat.com/support/errata/RHSA-2011-0479.html http://securitytracker.com/id?1025477 http://secunia.com/advisories/44459 http://www.ubuntu.com/usn/USN-1152-1
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com