[ MDVSA-2015:023 ] libvirt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:023
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : January 15, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvirt packages fix security vulnerability:
 
 The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
 in qemu/qemu_driver.c in libvirt do not unlock the domain when an
 ACL check fails, which allow local users to cause a denial of service
 via unspecified vectors (CVE-2014-8136).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136
 http://advisories.mageia.org/MGASA-2015-0002.html
 ____________________________

Leave a Reply