Upstream has released libvirt 1.2.2, fixing one security issue: http://libvirt.org/news.html Debian says the vulnerable code was introduced in 1.0.1, so Mageia 3 should be vulnerable too. The commits to fix this in the 1.0.5 branch may help: http://libvirt.org/git/?p=libvirt.git;a=shortlog;h=refs/heads/v1.0.5-maint Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
Here's the upstream advisory: http://security.libvirt.org/2013/0018.html And the original bug report for this issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394 I'm not sure from reading that if systems using systemd are vulnerable.
Fedora has issued an advisory for this on February 21: https://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html
URL: (none) => http://lwn.net/Vulnerabilities/589092/
Updated to 1.2.2 in Cauldron by Joseph Wang.
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOOCC: (none) => joequantVersion: Cauldron => 4
Depends on: (none) => 13387
Fixed in Bug 13387.
Status: NEW => RESOLVEDResolution: (none) => FIXED