RHEL 7 : libvirt (RHSA-2015:0008)

Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 6 : libvirt (RHSA-2014:1873)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1873 advisory. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...

Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20141118)

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non- persistent live disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could u...

libvirt: domain_conf: domain deadlock DoS

A denial of service flaw was found in the way libvirt's virConnectListAllDomains function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive...

Moderate: Red Hat Bug Fix Advisory: virt-who bug fix and enhancement update

Updated virt-who package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the Red Hat Subscription Manager tool. Th...

RHEL 7 : libvirt (RHSA-2014:1352)

Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

libvirt: domain_conf: domain deadlock DoS

A denial of service flaw was found in the way libvirt's virConnectListAllDomains function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive...

Debian Security Advisory DSA 3038-1 (libvirt - security update)

Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0179 Richard Jones and Daniel P. Berrange found that libvirt passes the XMLPARSENOENT flag when parsing XML...

DSA-3038-1 libvirt - security update

Bulletin has no description...

RHEL 7 : libvirt (RHSA-2014:0914)

Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RedHat Update for libvirt RHSA-2014:0914-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : libvirt (ELSA-2014-0914)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0914 advisory. - LSN-2014-0003: Don't expand entities when parsing XML CVE-2014-0179 Tenable has extracted the preceding description block directly from the Oracle Linux...

CentOS 7 : libvirt (CESA-2014:0914)

Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Moderate: Red Hat Security Advisory: libvirt security and bug fix update

Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

openSUSE Security Update : libvirt (openSUSE-SU-2012:0347-1)

This collective update 2012/02 for Xen provides fixes for the following reports : Xen === - 649209: Fix Xen live migrations being slow - 683580: Fix hangs during boot up after the message 'Enabled directed EOI with ioapicackold on! - 691256: unable to open a connection to the XEN Hypervisor -...

openSUSE Security Update : libvirt (openSUSE-SU-2011:0317-1)

libvirtd could mix errors from several threads leading to a crash CVE-2011-1486. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libvirt-4321. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : libvirt (openSUSE-SU-2011:0900-1)

libvirtd could crash if bogus parameters where passed to the VirDomainGetVcpus call CVE-2011-2511. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libvirt-4836. The text description of this...

openSUSE Security Update : libvirt (openSUSE-SU-2013:1550-1)

libvirt was updated to fix security issues and bugs : Security issues fixed: CVE-2013-4311: Add support for using 3-arg pkcheck syntax for process to avoid race conditions. CVE-2013-4296: Fix a crash denial of service in remoteDispatchDomainMemoryStats CVE-2013-5651: Fix virBitmapParse to avoid...

Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20140527)

It was found that libvirt passes the XMLPARSENOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read...

CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemumigration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash by causing domblkstat to be called a...