Candidate: CVE-2013-4291
PublicDate: 2013-09-30 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4291
 https://bugzilla.redhat.com/show_bug.cgi?id=1006509
 http://wiki.libvirt.org/page/Maintenance_Releases
 http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fe11d34a6d46d6641ce90dc665164fda7bb6bff8
 http://libvirt.org/news.html
Description:
 The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7,
 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not
 properly set group memberships, which allows local users to gain
 privileges.
Ubuntu-Description:
Notes:
 mdeslaur> in security-provide-supplemental-groups patch in saucy
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=745aa55fbf3e076c4288d5ec3239f5a5d43508a6
upstream_libvirt: released (1.1.2-2)
lucid_libvirt: not-affected (code not present)
precise_libvirt: not-affected (code not present)
quantal_libvirt: not-affected (code not present)
raring_libvirt: not-affected (code not present)
devel_libvirt: released (1.1.1-0ubuntu5)