Lucene search

K
mageiaGentoo FoundationMGASA-2015-0046
HistoryJan 31, 2015 - 4:23 p.m.

Updated libvirt packages fix CVE-2015-0236

2015-01-3116:23:52
Gentoo Foundation
advisories.mageia.org
24

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

58.2%

Updated libvirt packages fix security vulnerability: The XML getters for for save images and snapshots objects don’t check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to cause leak certain limited information from the domain xml file (CVE-2015-0236).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchlibvirt< 1.2.1-1.5libvirt-1.2.1-1.5.mga4

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

58.2%