This ERRATA for SL 5.x i386/x86_64 is now available from:

ftp://ftp.scientificlinux.org/linux/scientific/5x/i386/updates/security/

ftp://ftp.scientificlinux.org/linux/scientific/5x/x86_64/updates/security/



-------------------------------------------------------------------------

Synopsis:          Important: libvirt security update

Issue date:        2011-03-29

CVE Names:         CVE-2011-1146



It was found that several libvirt API calls did not honor the read-only

permission for connections. A local attacker able to establish a read-only

connection to libvirtd on a server could use this flaw to execute commands

that should be restricted to read-write connections, possibly leading to a

denial of service or privilege escalation. (CVE-2011-1146)



Note: Previously, using rpmbuild without the '--define "rhel 5"' option to 

build the libvirt source RPM could failed with a "Failed build 

dependencies" error for the device-mapper-devel package, as this -devel 

sub-package may not be available. With this update, the -devel sub-package 

is no longer checked by default as a dependency when building , allowing 

the libvirt source RPM to build as expected. 

---------------------------------------------------------------------------- 

SL 5.x



SRPMS:



 	libvirt-0.8.2-15.el5_6.3.src.rpm



i386:



 	libvirt-0.8.2-15.el5_6.3.i386.rpm

 	libvirt-devel-0.8.2-15.el5_6.3.i386.rpm

 	libvirt-python-0.8.2-15.el5_6.3.i386.rpm



x86_64:



 	libvirt-0.8.2-15.el5_6.3.i386.rpm

 	libvirt-0.8.2-15.el5_6.3.x86_64.rpm

 	libvirt-devel-0.8.2-15.el5_6.3.i386.rpm

 	libvirt-devel-0.8.2-15.el5_6.3.x86_64.rpm

 	libvirt-python-0.8.2-15.el5_6.3.x86_64.rpm



-Connie Sieh

-Troy Dawson