Release date:
Updated on:
Affected Systems:
Libvirt 0.8.8
Libvirt 0.8.2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48321
Cve id: CVE-2011-2178
Libvirt is a free and open-source C function library that supports mainstream virtualization tools in Linux.
In versions earlier than libvirt 0.9.0, The virSecurityManagerGetPrivateData function of security/security_manager.c used an incorrect parameter for the sizeof call, resulting in a denial of service.
<* Source: Eric Blake (ebb9@byu.net)
Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 709769
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Libvirt
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://libvirt.org/index.html