Lucene search

Gentoo FoundationMGASA-2015-0046

HistoryJan 31, 2015 - 4:23 p.m.

Updated libvirt packages fix CVE-2015-0236

2015-01-3116:23:52

Gentoo Foundation

advisories.mageia.org

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.3%

JSON

Updated libvirt packages fix security vulnerability: The XML getters for for save images and snapshots objects don’t check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to cause leak certain limited information from the domain xml file (CVE-2015-0236).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchlibvirt< 1.2.1-1.5libvirt-1.2.1-1.5.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	libvirt	< 1.2.1-1.5	libvirt-1.2.1-1.5.mga4

References

security.libvirt.org/2015/0001.html

bugs.mageia.org/show_bug.cgi?id=15141

bugzilla.redhat.com/show_bug.cgi?id=1184431

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for MGASA-2015-0046