Lucene search

K

Gentoo FoundationGLSA-201412-04

HistoryDec 08, 2014 - 12:00 a.m.

libvirt: Multiple vulnerabilities

2014-12-0800:00:00

Gentoo Foundation

security.gentoo.org

16

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.039 Low

EPSS

Percentile

91.8%

Background

libvirt is a C toolkit for manipulating virtual machines.

Description

Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to cause a Denial of Service or cause information leakage. A local attacker may be able to escalate privileges, cause a Denial of Service or possibly execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All libvirt users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-1.2.9-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-emulation/libvirt< 1.2.9-r2UNKNOWN

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.039 Low

EPSS

Percentile

91.8%

Related for GLSA-201412-04

openvas42 nessus41 f52 altlinux4 fedora9 ubuntu5 securityvulns11 osv17 ubuntucve11 debiancve11 prion12 centos3 mageia3 redhat3 oraclelinux2 debian3 cve13 seebug2 veracode5