=========================================================== Ubuntu Security Notice USN-1008-1 October 21, 2010 libvirt vulnerabilities CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libvirt-bin 0.4.0-2ubuntu8.3 libvirt0 0.4.0-2ubuntu8.3 Ubuntu 9.04: libvirt-bin 0.6.1-0ubuntu5.2 libvirt0 0.6.1-0ubuntu5.2 Ubuntu 9.10: libvirt-bin 0.7.0-1ubuntu13.2 libvirt0 0.7.0-1ubuntu13.2 Ubuntu 10.04 LTS: libvirt-bin 0.7.5-5ubuntu27.5 libvirt0 0.7.5-5ubuntu27.5 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: The previous version of libvirt on Ubuntu 10.04 LTS would probe a qemu disk to determine its format and did not require that the format be declared in the XML. This is considered a security problem in most deployments and this version of libvirt will default to the 'raw' format when the format is not specified in the XML. As a result, non-raw disks without a specified disk format will no longer be available in existing virtual machines. The libvirt-migrate-qemu-disks tool is provided to aid in transitioning virtual machine definitions to the new required format. In essence, it will check all domains for affected virtual machines, probe the affected disks and update the domain definition accordingly. This command will be run automatically on upgrade. For new virtual machines using non-raw images, the disk format must be specified in the domain XML provided to libvirt, otherwise the disk will not be available to the virtual machine. See man 1 libvirt-migrate-qemu-disks for details. Users who require the old behavior can adjust the 'allow_disk_format_probing' option in /etc/libvirt/qemu.conf. Details follow: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2010-2237, CVE-2010-2238) It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2010-2239) Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host. (CVE-2010-2242) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0-2ubuntu8.3.diff.gz Size/MD5: 20884 e9ceff27938937bcc8b3c66e34fccf00 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0-2ubuntu8.3.dsc Size/MD5: 1081 fd9d6eba4ca530254a86219ada9dc103 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.4.0.orig.tar.gz Size/MD5: 2968326 2f6c6adb62145988f0e5021e5cbd71d3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.4.0-2ubuntu8.3_all.deb Size/MD5: 316872 e3bfa8be390d762688ae9077ea77b89f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.0-2ubuntu8.3_amd64.deb Size/MD5: 88842 91996ea9642d9f43c11af7f178aac401 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.0-2ubuntu8.3_amd64.deb Size/MD5: 224782 0c81c813422856531052934cd2df82d3 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.0-2ubuntu8.3_amd64.deb Size/MD5: 551124 0f010dc998ec103b16e13a6ed4d6dca6 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.0-2ubuntu8.3_amd64.deb Size/MD5: 181936 c214ad6ba917e19c39a950d4fd119d86 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.0-2ubuntu8.3_amd64.deb Size/MD5: 26478 b362bda807c5a9b05203f00da3830b0f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.4.0-2ubuntu8.3_i386.deb Size/MD5: 87620 ac70d6669d8337704c3eb1f3513879c3 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.4.0-2ubuntu8.3_i386.deb Size/MD5: 210996 4c96e7ce76c921d77a4365f952bbc13f http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.4.0-2ubuntu8.3_i386.deb Size/MD5: 535444 04b709d9e04ff0f4c4135a10c1872f2d http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.4.0-2ubuntu8.3_i386.deb Size/MD5: 183770 7e68fd3070a9b27c77cd2f91266acc6e http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.4.0-2ubuntu8.3_i386.deb Size/MD5: 25852 2c0dfa17e83947d39515748c63dcddcb Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.6.1-0ubuntu5.2.diff.gz Size/MD5: 43820 dbc83246a532c613a636d83f3fa3a7d7 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.6.1-0ubuntu5.2.dsc Size/MD5: 1744 26e7d526a4c78a13d239246811aa78eb http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.6.1.orig.tar.gz Size/MD5: 6476130 3154ea9d4a0778497dfdf58cb98127c0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.6.1-0ubuntu5.2_all.deb Size/MD5: 505742 647997390b69764bc15aa5daf9b26b65 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.6.1-0ubuntu5.2_amd64.deb Size/MD5: 219000 05faef22f9a8a10982d406f3d8f7b5e2 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.6.1-0ubuntu5.2_amd64.deb Size/MD5: 385622 a1d7cd3f2d943685035a120783649173 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.6.1-0ubuntu5.2_amd64.deb Size/MD5: 613310 2d5ace7b505f867541cc4ac0de235eab http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.6.1-0ubuntu5.2_amd64.deb Size/MD5: 303432 4bad6fcab7f0ddcb11b22663f606ec1a http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.6.1-0ubuntu5.2_amd64.deb Size/MD5: 45876 e3596d25baf8a731c0d55517200b890a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.6.1-0ubuntu5.2_i386.deb Size/MD5: 214002 a780bb05796de4cc994cc9c9610eaf2a http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.6.1-0ubuntu5.2_i386.deb Size/MD5: 379002 3f15799dab9aa64630dfea62910ff673 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.6.1-0ubuntu5.2_i386.deb Size/MD5: 584236 789706e6a17ef50f62c504e5825d188b http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.6.1-0ubuntu5.2_i386.deb Size/MD5: 299978 6bb3c6d462c3dcc464cf39a5a4016200 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.6.1-0ubuntu5.2_i386.deb Size/MD5: 44834 f2a12665473dd152db79a219caab07b2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.6.1-0ubuntu5.2_lpia.deb Size/MD5: 232606 0b04cd2702ce90f7c2a12c344c030d79 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.6.1-0ubuntu5.2_lpia.deb Size/MD5: 290262 600e18810a0675cefeb9c0eeadd33391 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.6.1-0ubuntu5.2_lpia.deb Size/MD5: 453588 ee38065f866711f6a998659ff35e0518 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.6.1-0ubuntu5.2_lpia.deb Size/MD5: 240306 586ddce160b2650c5be3dabdcbc46314 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.6.1-0ubuntu5.2_lpia.deb Size/MD5: 45750 fa02dccaa67ca55964ac9894c6da930a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.6.1-0ubuntu5.2_powerpc.deb Size/MD5: 231090 79a1da2e2cea3de37f5d4b3a834c2a9a http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.6.1-0ubuntu5.2_powerpc.deb Size/MD5: 280102 43c568ba2dce31b987505847bd749281 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.6.1-0ubuntu5.2_powerpc.deb Size/MD5: 452548 1dd1e61376d87d8c1233cb94e2df3888 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.6.1-0ubuntu5.2_powerpc.deb Size/MD5: 246326 bed713dfbb60fd9b1a1e87c798a45e33 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.6.1-0ubuntu5.2_powerpc.deb Size/MD5: 49328 2e4727fd643a7de064de7eccba6c3eba sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.6.1-0ubuntu5.2_sparc.deb Size/MD5: 214758 ae357d67f41cb1e9b0dd7da927da072c http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.6.1-0ubuntu5.2_sparc.deb Size/MD5: 286068 84c7b4fc42dcab15a4780ce0a1ffd2a5 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.6.1-0ubuntu5.2_sparc.deb Size/MD5: 410640 c60f3d83e2c4b295bbf7304710355125 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.6.1-0ubuntu5.2_sparc.deb Size/MD5: 222970 5e5876b939e0e098ec8226457d818e99 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.6.1-0ubuntu5.2_sparc.deb Size/MD5: 44886 4dd9d092589374ccc63ca82dafd78fc4 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0-1ubuntu13.2.diff.gz Size/MD5: 744905 877af87d6d665e02bc23789905dd6512 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0-1ubuntu13.2.dsc Size/MD5: 1844 328ca43be60d06e65efa223ba0c71e60 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.0.orig.tar.gz Size/MD5: 7914077 8c2c14a7695c9c661004bcfc6468d62d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.0-1ubuntu13.2_all.deb Size/MD5: 622808 1197f27de42bf07225e6395d1165fb9c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.2_amd64.deb Size/MD5: 403818 abb09596b59a5af696245cb7a491d8cc http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.2_amd64.deb Size/MD5: 510838 4021ecc46a4e5c1c4d4661aa4e22eb74 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.2_amd64.deb Size/MD5: 823222 cb45f45284690ea8f98698f8943d63ca http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.2_amd64.deb Size/MD5: 412742 896149ca45bfc5bc4b502877660df450 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.2_amd64.deb Size/MD5: 50202 e1476323a19090541e507f5403a68631 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.2_i386.deb Size/MD5: 396910 f24c94bc958b573264648caefd355071 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.2_i386.deb Size/MD5: 501430 e2afd0e4e9d2f6686f0c4d444aec433a http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.2_i386.deb Size/MD5: 791236 00fbf16294ba33d46b4974f900a9d26f http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.2_i386.deb Size/MD5: 405870 c6487d96e218849b732b4fffbda2908c http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.2_i386.deb Size/MD5: 48694 d9f8ab134f8170157eaf852d1045b169 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.2_lpia.deb Size/MD5: 429246 bb93b3e455544127b10358466bbb041b http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.2_lpia.deb Size/MD5: 343958 e9e1b9951a692f7b38629ef8741cef5a http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.2_lpia.deb Size/MD5: 492744 cb6ddb5bd3d262f055d6c3378dc0feff http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.2_lpia.deb Size/MD5: 295826 8ff102c63682ac8c7e209facb11825dc http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.2_lpia.deb Size/MD5: 50020 79b29512bd5742ef80750de8762ba7a1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.2_powerpc.deb Size/MD5: 419842 f4a13296fd0589a354ea3611408160de http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.2_powerpc.deb Size/MD5: 328090 e2be3d31bdd3a04cf0e819ec6c27c3e7 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.2_powerpc.deb Size/MD5: 511266 b678e850dcb72ead681434072a4902fc http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.2_powerpc.deb Size/MD5: 300450 cbbd59928ea79b6958ba3d2c5811d247 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.2_powerpc.deb Size/MD5: 51412 8f31c7732296966909d0c107eead3bed sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.0-1ubuntu13.2_sparc.deb Size/MD5: 392262 b524af77a91b162628c37b6c6e7f1b96 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.0-1ubuntu13.2_sparc.deb Size/MD5: 341612 568be815ae09fc15824d04681cb69e1f http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.0-1ubuntu13.2_sparc.deb Size/MD5: 461318 86937f8b7b67a95576696c9ead218c38 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.0-1ubuntu13.2_sparc.deb Size/MD5: 275004 f49e1b2137377ac3297b47826512f02a http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.0-1ubuntu13.2_sparc.deb Size/MD5: 49894 c1452ba846953849fcda3138b3ba9026 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.5.diff.gz Size/MD5: 77212 fa5e47e0019f1433b96f8bd43609fbfa http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5-5ubuntu27.5.dsc Size/MD5: 1996 ee13002bfba6799f6c19de6e6f9be91f http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_0.7.5.orig.tar.gz Size/MD5: 9343666 06eedba78d4848cede7ab1a6e48f6df9 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-doc_0.7.5-5ubuntu27.5_all.deb Size/MD5: 756160 ca96652d00c1238e0d468b9d3d8f785c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.5_amd64.deb Size/MD5: 595950 58fbb3adb00d8986f2f795f3fdb89178 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.5_amd64.deb Size/MD5: 646446 cb90ff6a41916814a2321b4f0cfdca90 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.5_amd64.deb Size/MD5: 2324296 ac312188c8f51c6b20cd4ec52066976f http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.5_amd64.deb Size/MD5: 645756 8832b458e1c454c58c0f6e402a9ee097 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.5_amd64.deb Size/MD5: 57364 7d88a7f6b3fd63a2338ba160eef3236b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.5_i386.deb Size/MD5: 580094 6502997c410d6280bef624abe8cda973 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.5_i386.deb Size/MD5: 637656 86bee201050b5d125e1e7172e2ef8673 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.5_i386.deb Size/MD5: 2234374 d80d2fb81c004760469dcabff7c3ddde http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.5_i386.deb Size/MD5: 638416 58c21ec31b3bb0813fdd1611b6ab6c72 http://security.ubuntu.com/ubuntu/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.5_i386.deb Size/MD5: 55768 2a0d30b661128c42574a33f2dab4b92f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-bin_0.7.5-5ubuntu27.5_powerpc.deb Size/MD5: 620824 84987ac7ee15369c89d1ce6881d89d1d http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt-dev_0.7.5-5ubuntu27.5_powerpc.deb Size/MD5: 408282 15cd1a5bec639f116e81500ff7d1f30b http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0-dbg_0.7.5-5ubuntu27.5_powerpc.deb Size/MD5: 1887514 9343e456c82c0866201c07558fe54a58 http://ports.ubuntu.com/pool/main/libv/libvirt/libvirt0_0.7.5-5ubuntu27.5_powerpc.deb Size/MD5: 495886 68f6406aac83563f5cd0e140dd13cf79 http://ports.ubuntu.com/pool/main/libv/libvirt/python-libvirt_0.7.5-5ubuntu27.5_powerpc.deb Size/MD5: 59372 bf61fd0dd125e731fa5f682740a921d4