Synopsis: Low: libvirt security and bug fix update Issue Date: 2013-01-08 CVE Numbers: CVE-2012-2693 -- Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device. (CVE-2012-2693) This update also fixes the following bugs: * Previously, the libvirtd library failed to set the autostart flags for already defined QEMU domains. This bug has been fixed, and the domains can now be successfully marked as autostarted. * Prior to this update, the virFileAbsPath() function was not taking into account the slash ("/") directory separator when allocating memory for combining the cwd() function and a path. This behavior could lead to a memory corruption. With this update, a transformation to the virAsprintff() function has been introduced into virFileAbsPath(). As a result, the aforementioned behavior no longer occurs. * With this update, a man page of the virsh user interface has been enhanced with information on the "domxml-from-native" and "domxml-to-native" commands. A correct notation of the format argument has been clarified. As a result, confusion is avoided when setting the format argument in the described commands. After installing the updated packages, libvirtd will be restarted automatically. -- SL5 x86_64 libvirt-0.8.2-29.el5.i386.rpm libvirt-0.8.2-29.el5.x86_64.rpm libvirt-debuginfo-0.8.2-29.el5.i386.rpm libvirt-debuginfo-0.8.2-29.el5.x86_64.rpm libvirt-devel-0.8.2-29.el5.i386.rpm libvirt-devel-0.8.2-29.el5.x86_64.rpm libvirt-python-0.8.2-29.el5.x86_64.rpm i386 libvirt-0.8.2-29.el5.i386.rpm libvirt-debuginfo-0.8.2-29.el5.i386.rpm libvirt-devel-0.8.2-29.el5.i386.rpm libvirt-python-0.8.2-29.el5.i386.rpm - Scientific Linux Development Team