
3825 matches found

Tenable Nessus
added 2022/11/15 12:0 a.m. · 44 views

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2022:7472)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7472 advisory. QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507) libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of...

6.5 CVSS · 6.7 AI score · 0.01024 EPSS
Exploits 1 · References 5
AlmaLinux
added 2022/11/15 12:0 a.m. · 32 views

Low: libvirt security, bug fix, and enhancement update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version:...

4.3 CVSS · 5.3 AI score · 0.01024 EPSS
Exploits 0 · References 4
AlmaLinux
added 2022/11/15 12:0 a.m. · 27 views

Low: virt-v2v security, bug fix, and enhancement update

The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or AlmaLinux Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use...

6.5 CVSS · 6.7 AI score · 0.00774 EPSS
Exploits 0 · References 4
OSV
added 2022/11/15 12:0 a.m. · 31 views

ALSA-2022:8003 Low: libvirt security, bug fix, and enhancement update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version:...

4.3 CVSS · 5.6 AI score · 0.01024 EPSS
Exploits 0 · References 4
RedhatCVE
added 2022/11/14 9:26 p.m. · 29 views

CVE-2022-44020

A flaw was found in sushy-tools & VirtualBMC, where changing the boot device configuration removes password protection from the managed libvirt XML domain...

5.5 CVSS · 2.8 AI score · 0.0022 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2022/11/09 12:0 a.m. · 55 views

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2022:7472)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7472 advisory. Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...

6.5 CVSS · 6.8 AI score · 0.01024 EPSS
Exploits 1 · References 52
Tenable Nessus
added 2022/11/09 12:0 a.m. · 33 views

CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:7472)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7472 advisory. - QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507) - libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to deni...

6.5 CVSS · 6.7 AI score · 0.01024 EPSS
Exploits 1 · References 5
Rockylinux
added 2022/11/08 10:51 a.m. · 9 views

rhel and virt-devel:rhel bug fix and enhancement update

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...

0.2 AI score
Exploits 0
RedHat Linux
added 2022/11/08 9:49 a.m. · 9 views

libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This fl...

4.3 CVSS · 6.4 AI score · 0.01024 EPSS
Exploits 0 · References 4
Rockylinux
added 2022/11/08 6:20 a.m. · 29 views

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...

6.5 CVSS · 7.1 AI score · 0.01024 EPSS
Exploits 1
OSV
added 2022/11/08 6:20 a.m. · 29 views

RLSA-2022:7472 Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...

5.5 CVSS · 7.1 AI score · 0.01024 EPSS
Exploits 1 · References 45
Veracode
added 2022/10/31 10:41 a.m. · 38 views

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service (DoS) attacks. The locked virStoragePoolObj object in the storagePoolLookupByTargetPath function is not properly released on ACL permission failures, which allows clients connected to the read-write socket with limited ACL permissions to acquire the lock...

6.5 CVSS · 6.3 AI score · 0.01334 EPSS
Exploits 0 · References 12 · Affected Software 1
OSV
added 2022/10/30 12:0 p.m. · 19 views

GHSA-5PJ3-6FQM-8M7M OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS · 5.4 AI score · 0.0022 EPSS
Exploits 0 · References 8
GitHub Security Blog
added 2022/10/30 12:0 p.m. · 20 views

OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS · 5.4 AI score · 0.0022 EPSS
Exploits 0 · References 8 · Affected Software 2
NVD
added 2022/10/30 12:15 a.m. · 15 views

CVE-2022-44020

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS · 0.0022 EPSS
Exploits 0 · References 6
OSV
added 2022/10/30 12:15 a.m. · 23 views

CVE-2022-44020

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS · 6.9 AI score
Exploits 0 · References 6
Prion
added 2022/10/30 12:15 a.m. · 10 views

Design/Logic Flaw

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

1.7 CVSS · 5.5 AI score · 0.0022 EPSS
Exploits 0 · References 6 · Affected Software 3
CNNVD
added 2022/10/30 12:0 a.m. · 4 views

OpenStack Security Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack Sushy-Tools 0.21.0 and earlier and VirtualBMC 2.2.2 and earlier, which stems from the fact that changing the boot device configuration with thes...

5.5 CVSS · 5.6 AI score · 0.0022 EPSS
Exploits 0 · References 9
Positive Technologies
added 2022/10/29 12:0 a.m. · 7 views

PT-2022-27083 · Openstack · Openstack Sushy-Tools

Name of the Vulnerable Software and Affected Versions: OpenStack Sushy-Tools versions 0.21.0 and earlier; VirtualBMC versions 2.2.2 and earlier. Description: An issue was discovered where changing the boot device configuration with the affected packages removes password protection from the managed...

5.5 CVSS · 5.3 AI score · 0.0022 EPSS
Exploits 0 · References 15
CVE
added 2022/10/29 12:0 a.m. · 86 views

CVE-2022-44020

CVE-2022-44020 affects OpenStack Sushy-Tools up to 0.21.0 and VirtualBMC up to 2.2.2. The issue occurs when changing the boot device configuration, which removes password protection from the managed libvirt XML domain. This risk is disclosed as affecting an "unsupported, production-like configura...

5.5 CVSS · 5.4 AI score · 0.0022 EPSS
Exploits 0 · References 6 · Affected Software 2