3825 matches found
SUSE: Security Advisory (SUSE-SU-2021:3540-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:3540-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2021-3667: Fixed a DoS vulnerability in the libvirt virStoragePoolLookupByTargetPath API. bsc1188843 Non-security issues fixed: - resolved hangs/crashes on libvirtd shutdown bsc1182783 - qemu: Normalize MAC address in...
OESA-2021-1385 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: An improper locking issue was found in the virStoragePoolLookupByTargetPath API o...
SUSE SLED12: libvirt / libvirt-admin / libvirt-client / libvirt-daemon / etc (SUSE-SU-2021:3277-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3277-1 advisory. - CVE-2021-3667: Fixed an improper locking on ACL failure in virStoragePoolLookupByTargetPath API. bsc1188843 Tenable has extracted...
SUSE: Security Advisory (SUSE-SU-2021:3277-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:3277-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2021-3667: Fixed an improper locking on ACL failure in virStoragePoolLookupByTargetPath API. bsc1188843...
Fedora: Security Advisory for libvirt (FEDORA-2021-bce7f9b98c)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:3704)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3704 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
RHEL 8 : virt:av and virt-devel:av (RHSA-2021:3703)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3703 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
libvirt: Insecure sVirt label generation
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...
Moderate: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security update
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
libvirt: Insecure sVirt label generation
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...
libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
Moderate: Red Hat Security Advisory: virt:av and virt-devel:av security and bug fix update
An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
[SECURITY] Fedora 34 Update: libvirt-7.0.0-7.fc34
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
The vulnerability of the Libvirt virtualization management library, related to authentication errors, allows a perpetrator to trigger a service failure.
The vulnerability of the Libvirt virtualization management library is related to the lack of authentication, allowing connections to only be set for read-only access. This means that libvirt waits for a response from the guest agent for a specified period of time. Exploiting this vulnerability...
The vulnerability of the HTTP cookie files in the Libvirt virtualization management library, related to improper deletion of critical data at the boundary, allows a hacker to access confidential data.
The vulnerability of the HTTP cookie file in the Libvirt virtualization management library is related to the storage of data in the dump XML file of the host domain. Exploiting this vulnerability allows a malicious actor to gain access to confidential data using the dumpxml command...
The vulnerability of the API virConnectListAllNodeDevices in the Libvirt management library, when using the GRID driver, relates to a failure of the operation beyond the buffer boundaries in memory. This vulnerability allows an attacker to trigger a service failure.
The vulnerability of the API virConnectListAllNodeDevices in the Libvirt control library, when using the GRID driver, is related to the operation exceeding the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to trigger a service failure using the virsh...
Moderate: Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.8]
An update for cockpit-ovirt, ovirt-host, ovirt-hosted-engine-ha, ovirt-hosted-engine-setup, and vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...