[ MDVSA-2015:035 ] libvirt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:035
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvirt packages fix security vulnerability:
 
 The XML getters for for save images and snapshots objects don't
 check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump
 security sensitive information. A remote attacker able to establish
 a connection to libvirtd could use this flaw to cause leak certain
 limited information from the domain xml file (CVE-2015-0236).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

007 Software

[ MDVSA-2015:035 ] libvirt

Leave a Reply Cancel reply

Software and Security Information