PublicDateAtUSN: 2013-09-18
Candidate: CVE-2013-4311
PublicDate: 2013-10-03 21:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4311
 https://ubuntu.com/security/notices/USN-1954-1
Description:
 libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x
 before 0.9.12.2 allows local users to bypass intended access restrictions
 by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck
 via a (1) setuid process or (2) pkexec process, a related issue to
 CVE-2013-4288.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e65667c0c6e016d42abea077e31628ae43f57b74
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=922b7fda77b094dbf022d625238262ea05335666
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e4697b92abaad16e8e6b41a1e55be9b084d48d5a (fix)
upstream_libvirt: needs-triage
lucid_libvirt: released (0.7.5-5ubuntu27.24)
precise_libvirt: released (0.9.8-2ubuntu17.13)
quantal_libvirt: released (0.9.13-0ubuntu12.5)
raring_libvirt: released (1.0.2-0ubuntu11.13.04.4)
devel_libvirt: released (1.1.1-0ubuntu6)