3 matches found
Security fix for the ALT Linux 8 package libvirt version 1.1.4-alt1
Nov. 6, 2013 Alexey Shabalin 1.1.4-alt1 - 1.1.4 - fixed CVE-2013-4400, CVE-2013-4401...
CVE-2013-4401
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained fr...
CVE-2013-4401
CVE-2013-4401 affects libvirt 1.1.0–1.1.3, where virConnectDomainXMLToNative incorrectly checks connect:read instead of connect:write. This mispermission enables a remote attacker to obtain domain:write privileges and may allow execution of Qemu binaries via crafted XML. Public disclosures in var...