Referenced CVEs:
CVE-2008-5086
Description:
===========================================================Ubuntu Security Notice USN-694-1 December 18, 2008libvirt vulnerabilityCVE-2008-5086===========================================================A security issue affects the following Ubuntu releases:Ubuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 7.10: libvirt0 0.3.0-0ubuntu2.1Ubuntu 8.04 LTS: libvirt0 0.4.0-2ubuntu8.1Ubuntu 8.10: libvirt0 0.4.4-3ubuntu3.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that libvirt did not mark certain operations as read-only. Alocal attacker may be able to perform privileged actions such as migratingvirtual machines, adjusting autostart flags, or accessing privileged data inthe virtual machine memory and disks.