Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : libvirt vulnerabilities (USN-1954-1)
It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. (CVE-2013-4311) It was discovered that libvirt incorrectly handled certain...
USN-1954-1: libvirt vulnerabilities
It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. (CVE-2013-4311) It was discovered that libvirt incorrectly handled certain...
CVE-2013-4311
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288...
CVE-2013-4296
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...
libxl partially sets up HVM passthrough even with disabled iommu
ISSUE DESCRIPTION: With HVM domains, libxl's setup of PCI passthrough devices does the IOMMU setup after giving (via the device model) the guest access to the hardware and advertising it to the guest. If the IOMMU is disabled the overall setup fails, but after the device has been made available to t...
Security fix for the ALT Linux 8 package libvirt version 1.1.2-alt1
Sept. 3, 2013 Alexey Shabalin 1.1.2-alt1 - 1.1.2 - fixed CVE-2013-4291, CVE-2013-4292, CVE-2013-5651...
CVE-2013-5651
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune...
Security fix for the ALT Linux 8 package libvirt version 1.1.1-alt2
Aug. 26, 2013 Alexey Shabalin 1.1.1-alt2 - snapshot of v1.1.1-maint branch fixed CVE-2013-4239...
Fedora Update for heat-jeos FEDORA-2013-9715
Check for the Version of heat-jeos. OpenVAS Vulnerability Test: Fedora Update for heat-jeos FEDORA-2013-9715. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Security fix for the ALT Linux 8 package libvirt version 1.1.1-alt1
Aug. 8, 2013 Alexey Shabalin 1.1.1-alt1 - 1.1.1 - fixed CVE-2013-2230, CVE-2013-4153, CVE-2013-4154...
Oracle Linux 6 : libvirt (ELSA-2012-1202)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1202 advisory. libvirt-0.9.10-21.0.1.el63.4 - Replace docs/et.png in tarball with blank image libvirt-0.9.10-21.el63.4 - daemon: Fix crash in virTypedParameterArrayClear...
Oracle Linux 6 : libvirt (ELSA-2012-1359)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1359 advisory. - security: Fix libvirtd crash possibility (CVE-2012-4423) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Oracle Linux 6 : libvirt (ELSA-2013-0199)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0199 advisory. libvirt-0.9.10-21.0.1.el63.8 - Replace docs/et.png in tarball with blank image 0.9.10-21.el63.8 - rpc: Fix crash on error paths of message dispatching...
Oracle Linux 6 : libvirt (ELSA-2011-1197)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1197 advisory. 0.8.7-18.0.1.el61.1 - Replace docs/et.png in tarball with blank image libvirt-0.8.7-18.el61.1 - debug: Avoid null dereference on uuid lookup api rhbz728546 - Fi...
Oracle Linux 5 : libvirt (ELSA-2009-0382)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0382 advisory. - Add missing readonly checks for APIs (CVE-2008-5086) Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 5 : libvirt (ELSA-2011-0478)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0478 advisory. 0.8.2-15.0.1.el56.4 - Replaced docs/et.png in tarball 0.8.2-15.el56.4 - Make error reporting in libvirtd thread safe (CVE-2011-1486) Tenable has extracted the...
Oracle Linux 5 : libvirt (ELSA-2010-0615)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0615 advisory. - Explicitly set qcow2 backing store format (CVE-2010-2239) - Remap privileged source ports from guests behind NAT (CVE-2010-2242) Tenable has extracted th...
Oracle Linux 5 / 6 : libvirt (ELSA-2011-0391)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0391 advisory. - Properly report error in virConnectDomainXMLToNative (CVE-2011-1146) - Add missing checks for read-only connections (CVE-2011-1146) Tenable has extracted the...
Oracle Linux 6 : libvirt (ELSA-2013-0276)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0276 advisory. - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170) Tenable has extracted the preceding description block directly from the Oracle Linux securi...
Oracle Linux 5 : libvirt (ELSA-2013-0127)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0127 advisory. 0.8.2-29.0.1.el5 - Replaced docs/et.png in tarball - remove virshtest from test cases to fix failure in mock build root libvirt-0.8.2-29.el5 - Coverity pointed...