The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.
{ "binaries": [ { "binary_name": "libvirt-bin", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt-bin-dbgsym", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt-dev", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt-dev-dbgsym", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt-doc", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt0", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt0-dbg", "binary_version": "1.2.2-0ubuntu13.1.14" }, { "binary_name": "libvirt0-dbgsym", "binary_version": "1.2.2-0ubuntu13.1.14" } ], "availability": "No subscription required" }