46 matches found
UBUNTU-CVE-2017-15114
When libvirtd is configured by OSP director tripleo-heat-templates to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd which is equivalent to root acces...
openSUSE Security Update : libvirt (openSUSE-2017-1213)
This update for libvirt fixes the following issues : Security issue fixed : - CVE-2017-1000256: Ensure TLS clients always verify the server certificate in the serial/TLS support. bsc1062563 Non security issue fixed : - libvirt-daemon-qemu requires libvirt-daemon-driver-storage bsc1062620 This...
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2017:2850-1)
This update for libvirt fixes the following issues: Security issue fixed : - CVE-2017-1000256: Ensure TLS clients always verify the server certificate in the serial/TLS support. bsc1062563 Non security issue fixed : - libvirt-daemon-qemu requires libvirt-daemon-driver-storage bsc1062620 Note that...
rhosp-director: libvirtd is deployed with no authentication
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...
rhosp-director: libvirtd is deployed with no authentication
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...
libvirt: Ceph id/key leaked in the process list
It was found that the libvirt daemon, when using RBD RADOS Block Device, leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster...
Scientific Linux Security Update : netcf on SL7.x x86_64 (20151119)
A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash. CVE-2014-8119 The netcf packages have been upgraded to upstream version 0.2.8, which provides a number of bug fixes and enhancements over the...
netcf: augeas path expression injection via interface name
A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...
netcf: augeas path expression injection via interface name
A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-driver-interface-1.1.1 package on the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-config-network-1.1.1 package for the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-1.1.1 package of the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-kvm-1.1.1 package in the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-lxc-1.1.1 package of the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-driver-secret-1.1.1 package for the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-driver-nodedev-1.1.1 package for the Red Hat Enterprise Linux operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-1.1.1 package on the CentOS operating system can lead to violations of confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-lxc-1.1.1 package from the CentOS operating system can lead to a violation of the confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-kvm-1.1.1 package on the CentOS operating system can lead to violations of confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the libvirt-daemon-driver-interface-1.1.1 package on the CentOS operating system can lead to violations of confidentiality and accessibility of protected information. This vulnerability can be exploited remotely...