Upstream information

CVE-2013-4311 at MITRE

Description

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

SUSE information

CVSS v2 Scores
Source: National Vulnerability Database
Base Score: 4.64
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
SUSE Bugzilla entries: 836931 [RESOLVED / FIXED], 838638 [RESOLVED / FIXED], 864716 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libvirt-devel >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libvirt-devel >= 1.0.5.6-0.7.1
  • libvirt-devel-32bit >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Desktop 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Desktop 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-client-32bit >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Server 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-lock-sanlock >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
SUSE Linux Enterprise Server 11 SP3
  • libvirt >= 1.0.5.6-0.7.1
  • libvirt-client >= 1.0.5.6-0.7.1
  • libvirt-client-32bit >= 1.0.5.6-0.7.1
  • libvirt-doc >= 1.0.5.6-0.7.1
  • libvirt-lock-sanlock >= 1.0.5.6-0.7.1
  • libvirt-python >= 1.0.5.6-0.7.1
Builds
SAT Patch Nr: 8421
openSUSE 12.3
  • libvirt >= 1.0.2-1.10.1
  • libvirt-client >= 1.0.2-1.10.1
  • libvirt-client-32bit >= 1.0.2-1.10.1
  • libvirt-client-debuginfo >= 1.0.2-1.10.1
  • libvirt-client-debuginfo-32bit >= 1.0.2-1.10.1
  • libvirt-debuginfo >= 1.0.2-1.10.1
  • libvirt-debugsource >= 1.0.2-1.10.1
  • libvirt-devel >= 1.0.2-1.10.1
  • libvirt-devel-32bit >= 1.0.2-1.10.1
  • libvirt-doc >= 1.0.2-1.10.1
  • libvirt-lock-sanlock >= 1.0.2-1.10.1
  • libvirt-lock-sanlock-debuginfo >= 1.0.2-1.10.1
  • libvirt-python >= 1.0.2-1.10.1
  • libvirt-python-debuginfo >= 1.0.2-1.10.1
Patchnames: openSUSE-2013-763