Summary: | <app-emulation/libvirt-1.1.3-r1 : Privilege Escalation and Security Bypass Vulnerabilities (CVE-2013-4400) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | cardoe |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/55210/ | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-10-25 13:16:01 UTC
CVE-2013-4400 and CVE-2013-4401 are fixed with libvirt-1.1.3-r1.

*libvirt-1.1.3-r1 (22 Oct 2013)

22 Oct 2013; Doug Goldstein <cardoe@gentoo.org> +libvirt-1.1.3-r1.ebuild: Fix for CVE-2013-4400 and CVE-2013-4401.

Arches, please test and mark stable:
=app-emulation/libvirt-1.1.3-r1
Target keywords : "amd64 x86"

@Yuri, thanks for the help, but please do the job in a complete manner.

amd64/x86 stable

@maintainer: please cleanup.

(In reply to Agostino Sarubbo from comment #4)
> amd64/x86 stable
>
>
> @maintainer: please cleanup.

Done.

Added to existing GLSA draft

CVE-2013-4400 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4400): virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.

This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).