2 matches found
MGASA-2015-0046 Updated libvirt packages fix CVE-2015-0236
Updated libvirt packages fix security vulnerability: The XML getters for save images and snapshots objects don't check ACLs for the VIRDOMAINXMLSECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to...
MGASA-2014-0470 Updated libvirt packages fix security vulnerability
Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file CVE-2014-7823...