csaf_redhat - rhsa-2011

rhsa-2011_0478

Vulnerability from csaf_redhat

Published

2011-05-02 18:13

Modified

2024-11-22 04:21

Summary

Red Hat Security Advisory: libvirt security update

Notes

Topic

Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. A flaw was found in the way libvirtd handled error reporting for concurrent connections. A remote attacker able to establish read-only connections to libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated libvirt packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remotely managing virtualized systems.\n\nA flaw was found in the way libvirtd handled error reporting for concurrent\nconnections. A remote attacker able to establish read-only connections to\nlibvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)\n\nAll libvirt users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve this issue. After installing the\nupdated packages, libvirtd must be restarted (\"service libvirtd restart\")\nfor this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:0478",
        "url": "https://access.redhat.com/errata/RHSA-2011:0478"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "693391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0478.json"
      }
    ],
    "title": "Red Hat Security Advisory: libvirt security update",
    "tracking": {
      "current_release_date": "2024-11-22T04:21:10+00:00",
      "generator": {
        "date": "2024-11-22T04:21:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:0478",
      "initial_release_date": "2011-05-02T18:13:00+00:00",
      "revision_history": [
        {
          "date": "2011-05-02T18:13:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-05-02T14:16:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:21:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL Virtualization (v. 5 server)",
                "product": {
                  "name": "RHEL Virtualization (v. 5 server)",
                  "product_id": "5Server-VT-5.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_virtualization:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
                "product": {
                  "name": "libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
                  "product_id": "libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-devel@0.8.2-15.el5_6.4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-python-0:0.8.2-15.el5_6.4.ia64",
                "product": {
                  "name": "libvirt-python-0:0.8.2-15.el5_6.4.ia64",
                  "product_id": "libvirt-python-0:0.8.2-15.el5_6.4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-python@0.8.2-15.el5_6.4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
                "product": {
                  "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
                  "product_id": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-debuginfo@0.8.2-15.el5_6.4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-0:0.8.2-15.el5_6.4.ia64",
                "product": {
                  "name": "libvirt-0:0.8.2-15.el5_6.4.ia64",
                  "product_id": "libvirt-0:0.8.2-15.el5_6.4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt@0.8.2-15.el5_6.4?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
                "product": {
                  "name": "libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
                  "product_id": "libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-devel@0.8.2-15.el5_6.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-python-0:0.8.2-15.el5_6.4.x86_64",
                "product": {
                  "name": "libvirt-python-0:0.8.2-15.el5_6.4.x86_64",
                  "product_id": "libvirt-python-0:0.8.2-15.el5_6.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-python@0.8.2-15.el5_6.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
                "product": {
                  "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
                  "product_id": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-debuginfo@0.8.2-15.el5_6.4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-0:0.8.2-15.el5_6.4.x86_64",
                "product": {
                  "name": "libvirt-0:0.8.2-15.el5_6.4.x86_64",
                  "product_id": "libvirt-0:0.8.2-15.el5_6.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt@0.8.2-15.el5_6.4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvirt-devel-0:0.8.2-15.el5_6.4.i386",
                "product": {
                  "name": "libvirt-devel-0:0.8.2-15.el5_6.4.i386",
                  "product_id": "libvirt-devel-0:0.8.2-15.el5_6.4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-devel@0.8.2-15.el5_6.4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
                "product": {
                  "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
                  "product_id": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-debuginfo@0.8.2-15.el5_6.4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-0:0.8.2-15.el5_6.4.i386",
                "product": {
                  "name": "libvirt-0:0.8.2-15.el5_6.4.i386",
                  "product_id": "libvirt-0:0.8.2-15.el5_6.4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt@0.8.2-15.el5_6.4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvirt-python-0:0.8.2-15.el5_6.4.i386",
                "product": {
                  "name": "libvirt-python-0:0.8.2-15.el5_6.4.i386",
                  "product_id": "libvirt-python-0:0.8.2-15.el5_6.4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt-python@0.8.2-15.el5_6.4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvirt-0:0.8.2-15.el5_6.4.src",
                "product": {
                  "name": "libvirt-0:0.8.2-15.el5_6.4.src",
                  "product_id": "libvirt-0:0.8.2-15.el5_6.4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvirt@0.8.2-15.el5_6.4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-0:0.8.2-15.el5_6.4.i386 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.i386"
        },
        "product_reference": "libvirt-0:0.8.2-15.el5_6.4.i386",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-0:0.8.2-15.el5_6.4.ia64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.ia64"
        },
        "product_reference": "libvirt-0:0.8.2-15.el5_6.4.ia64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-0:0.8.2-15.el5_6.4.src as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.src"
        },
        "product_reference": "libvirt-0:0.8.2-15.el5_6.4.src",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-0:0.8.2-15.el5_6.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.x86_64"
        },
        "product_reference": "libvirt-0:0.8.2-15.el5_6.4.x86_64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386"
        },
        "product_reference": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64"
        },
        "product_reference": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64"
        },
        "product_reference": "libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-devel-0:0.8.2-15.el5_6.4.i386 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.i386"
        },
        "product_reference": "libvirt-devel-0:0.8.2-15.el5_6.4.i386",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-devel-0:0.8.2-15.el5_6.4.ia64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.ia64"
        },
        "product_reference": "libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-devel-0:0.8.2-15.el5_6.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.x86_64"
        },
        "product_reference": "libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-python-0:0.8.2-15.el5_6.4.i386 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.i386"
        },
        "product_reference": "libvirt-python-0:0.8.2-15.el5_6.4.i386",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-python-0:0.8.2-15.el5_6.4.ia64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.ia64"
        },
        "product_reference": "libvirt-python-0:0.8.2-15.el5_6.4.ia64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvirt-python-0:0.8.2-15.el5_6.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.x86_64"
        },
        "product_reference": "libvirt-python-0:0.8.2-15.el5_6.4.x86_64",
        "relates_to_product_reference": "5Server-VT-5.6.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-1486",
      "discovery_date": "2011-03-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "693391"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libvirt: error reporting in libvirtd is not thread safe",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.i386",
          "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.ia64",
          "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.src",
          "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.x86_64",
          "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
          "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
          "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
          "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.i386",
          "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
          "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
          "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.i386",
          "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.ia64",
          "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1486"
        },
        {
          "category": "external",
          "summary": "RHBZ#693391",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1486",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1486",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1486"
        }
      ],
      "release_date": "2011-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-05-02T18:13:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.src",
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.x86_64",
            "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
            "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
            "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:0478"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.src",
            "5Server-VT-5.6.Z:libvirt-0:0.8.2-15.el5_6.4.x86_64",
            "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-debuginfo-0:0.8.2-15.el5_6.4.x86_64",
            "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-devel-0:0.8.2-15.el5_6.4.x86_64",
            "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.i386",
            "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.ia64",
            "5Server-VT-5.6.Z:libvirt-python-0:0.8.2-15.el5_6.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libvirt: error reporting in libvirtd is not thread safe"
    }
  ]
}

cve-2011-1486

Vulnerability from cvelistv5

Published

2011-05-31 20:00

Modified

2024-08-06 22:28

Severity ?

Summary

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100134583	x_refsource_CONFIRM
	http://secunia.com/advisories/44459	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0479.html	vendor-advisory, x_refsource_REDHAT
	http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670	x_refsource_CONFIRM
	http://securitytracker.com/id?1025477	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/47148	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-1152-1	vendor-advisory, x_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2011-0478.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=693391	x_refsource_CONFIRM
	https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2011/dsa-2280	vendor-advisory, x_refsource_DEBIAN

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100134583"
          },
          {
            "name": "44459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44459"
          },
          {
            "name": "RHSA-2011:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
          },
          {
            "name": "1025477",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025477"
          },
          {
            "name": "47148",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47148"
          },
          {
            "name": "USN-1152-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1152-1"
          },
          {
            "name": "RHSA-2011:0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
          },
          {
            "name": "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
          },
          {
            "name": "DSA-2280",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-12T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100134583"
        },
        {
          "name": "44459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44459"
        },
        {
          "name": "RHSA-2011:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
        },
        {
          "name": "1025477",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025477"
        },
        {
          "name": "47148",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47148"
        },
        {
          "name": "USN-1152-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1152-1"
        },
        {
          "name": "RHSA-2011:0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
        },
        {
          "name": "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
        },
        {
          "name": "DSA-2280",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2280"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1486",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-03-21T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted