[ MDVSA-2015:070 ] libvirt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:070
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : March 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvirt packages fixes security vulnerabilities:
 
 The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
 in qemu/qemu_driver.c in libvirt do not unlock the domain when an
 ACL check fails, which allow local users to cause a denial of service
 via unspecified vectors (CVE-2014-8136).
 
 The XML getters for for save images and snapshots objects don't
 check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump
 security sensitive information. A remote attacker able to establish
 a connection t

007 Software

[ MDVSA-2015:070 ] libvirt

Leave a Reply Cancel reply

Software and Security Information