Users of libvirt please be advised of a file disclosure vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
USN-1008-1: [USN-1008-1] libvirt file disclosure vulnerabilities
Details follow:
It was discovered that libvirt would probe disk backing stores without
consulting the defined format for the disk. A privileged attacker in the
guest could exploit this to read arbitrary files on the host. This issue
only affected Ubuntu 10.04 LTS. By default, guests are confined by an
AppArmor profile which provided partial protection against this flaw.
(CVE-2010-2237, CVE-2010-2238)
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/9Jl3TX
No comments:
Post a Comment