CVE-2013-4311

Publication date 18 September 2013

Last updated 24 July 2024

Ubuntu priority

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvirt	13.04 raring	Fixed 1.0.2-0ubuntu11.13.04.4
	12.10 quantal	Fixed 0.9.13-0ubuntu12.5
	12.04 LTS precise	Fixed 0.9.8-2ubuntu17.13
	10.04 LTS lucid	Fixed 0.7.5-5ubuntu27.24

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvirt	Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db7a5688c05f3fd60d9d2b74c72427eb9ee9c176 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e65667c0c6e016d42abea077e31628ae43f57b74 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=922b7fda77b094dbf022d625238262ea05335666 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e4697b92abaad16e8e6b41a1e55be9b084d48d5a

Package

Patch details

libvirt

Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e65667c0c6e016d42abea077e31628ae43f57b74
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=922b7fda77b094dbf022d625238262ea05335666
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e4697b92abaad16e8e6b41a1e55be9b084d48d5a

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1954-1
libvirt vulnerabilities
18 September 2013

Other references

https://www.cve.org/CVERecord?id=CVE-2013-4311