253 matches found
Important: Red Hat Security Advisory: Red Hat OpenStack Platform director security update
An update is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
openSUSE Security Update : xen (openSUSE-2017-492)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain o...
Security update for xen (important)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or...
[SECURITY] Fedora 23 Update: libvirt-1.2.18.4-1.fc23
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
[SECURITY] Fedora 24 Update: libvirt-1.3.3.2-1.fc24
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
DEBIAN-CVE-2015-5247
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool...
Code injection
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool...
[SECURITY] Fedora 22 Update: libvirt-1.2.13.2-1.fc22
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
[SECURITY] Fedora 23 Update: libvirt-1.2.18.2-1.fc23
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
dnsmasq < 2.66test2 libvirtd TCP Network Packet Parsing Response DNS Amplification DoS
The remote dnsmasq server is running a version prior to 2.66test2. It is, therefore, affected by a denial of service vulnerability in libvirtd due to improper parsing of malformed network packets. An unauthenticated, remote attacker can exploit this to cause an amplification of a large amount of...
dnsmasq < 2.63test1 libvirtd TCP Network Packet Parsing Response DNS Amplification DoS
The remote dnsmasq server is running a version prior to 2.63test1. It is, therefore, affected by a denial of service vulnerability in libvirtd due to improper parsing of malformed network packets. An unauthenticated, remote attacker can exploit this to cause an amplification of a large amount of...
FreeBSD : libvirt -- ACL bypass using ../ to access beyond storage pool (f714b4c9-a6c1-11e5-88d7-047d7b492d07)
Libvirt development team reports: Various virStorageVol API operate on user-supplied volume names by concatenating the volume name to the pool location. Note that the virStoragePoolListVolumes API, when used on a storage pool backed by a directory in a file system, will only list volumes...
openSUSE Security Update : xen (openSUSE-2015-434) (Venom)
Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: - CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625) - CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests...
Security update for xen (important)
Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: - CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625) - CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129)...
SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)
The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed: - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. - CVE-2015-2045: XSA-122: Information leak through version information hypercall. -...
SUSE-SU-2015:0613-1 Security update for Xen
The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed: - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. - CVE-2015-2045: XSA-122: Information leak through version information hypercall. -...
[SECURITY] Fedora 20 Update: libvirt-1.1.3.9-1.fc20
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
[SECURITY] Fedora 21 Update: libvirt-1.2.9.2-1.fc21
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
Updated libvirt packages fix CVE-2015-0236
Updated libvirt packages fix security vulnerability: The XML getters for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to...
Scientific Linux Security Update : libvirt on SL7.x x86_64 (20150105)
It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak...