CVE-2011-2511

Publication date 12 July 2011

Last updated 24 July 2024

Ubuntu priority

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvirt	11.04 natty	Fixed 0.8.8-1ubuntu6.5
	10.10 maverick	Fixed 0.8.3-1ubuntu19.1
	10.04 LTS lucid	Fixed 0.7.5-5ubuntu27.16
	8.04 LTS hardy	Ignored end of life

Notes

jdstrand

DoS is confirmed by a remote authenticated user 89d994ad6b0e8ebe9a2cd4e0e37119ff4c917550 (gnulib) may not actually be required to fix in stable releases. fixed in 0.8.3-5+squeeze2

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvirt	Upstream: https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html Vendor: https://rhn.redhat.com/errata/RHSA-2011-1019.html

CVE-2011-2511

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references