253 matches found
Null pointer dereference
The qemuMigrationWaitForSpice function in qemu/qemumigration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash by causing domblkstat to be called a...
SuSE 11.3 Security Update : libvirt (SAT Patch Number 8886)
This update fixes the following one non-security and two security issues with libvirt : - Fixing device assignment problem with Broadcom 57810 NIC to Guest OS. bnc817407 - qemu job usage issue in several API leading to libvirtd crash. CVE-2013-6458. bnc857492 - denial of service with keepalive...
[SECURITY] Fedora 20 Update: libvirt-1.1.3.4-1.fc20
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
CentOS Update for libvirt CESA-2014:0103 centos6
Check for the Version of libvirt OpenVAS Vulnerability Test CentOS Update for libvirt CESA-2014:0103 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
qemu: job usage issue in several APIs leading to libvirtd crash
Multiple race conditions in the 1 virDomainBlockStats, 2 virDomainGetBlockInf, 3 qemuDomainBlockJobImpl, and 4 virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service libvirtd...
libvirt: denial of service with keepalive
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service libvirtd crash by closing a connection before a keepalive response is sent...
Race condition
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service libvirtd crash by closing a connection before a keepalive response is sent...
CVE-2013-6458
Multiple race conditions in the 1 virDomainBlockStats, 2 virDomainGetBlockInf, 3 qemuDomainBlockJobImpl, and 4 virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service libvirtd...
CVE-2013-6458
CVE-2013-6458 affects libvirt and is described in CentOS/CESA-2014:0103 as a use-after-free flaw in libvirt block APIs. A remote attacker who can establish a read-only connection to libvirtd could crash the libvirtd process or, potentially, execute arbitrary code with the libvirtd user’s privileg...
CVE-2014-1447
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service libvirtd crash by closing a connection before a keepalive response is sent...
[SECURITY] Fedora 20 Update: libvirt-1.1.3.3-1.fc20
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
CVE-2013-6436
The lxcDomainGetMemoryParameters method in lxc/lxcdriver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash via a guest in the shutdown...
CVE-2013-6436
CVE-2013-6436 affects the libvirt lxc driver. The vulnerability is in lxcDomainGetMemoryParameters in libvirt before the patch/cleanup, where memory tunables are read without properly checking the LXC guest status. A local user can trigger a denial of service (NULL pointer dereference, libvirtd c...
CVE-2013-6436
The lxcDomainGetMemoryParameters method in lxc/lxcdriver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash via a guest in the shutdown...
libvirt: unprivileged user can crash libvirtd during spice migration
The qemuMigrationWaitForSpice function in qemu/qemumigration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash by causing domblkstat to be called a...
[SECURITY] Fedora 20 Update: libvirt-1.1.3.1-1.fc20
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
Fedora 20 : libvirt-1.1.3.1-1.fc20 (2013-20869)
Rebased to version 1.1.3.1 - CVE-2013-4400: virt-login-shell arbitrary file overwrites vulnerability bz 1015228, bz 1025685 - Fix possible domain disappearance on libvirtd crash bz 1015246 - Fix LXC container startup failure bz 1014847 - Slim down libvirt LXC dependencies bz 1012198 Note that...
[SECURITY] Fedora 20 Update: libvirt-1.1.3-2.fc20
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
[SECURITY] Fedora 19 Update: libvirt-1.0.5.6-2.fc19
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
[SECURITY] Fedora 18 Update: libvirt-0.10.2.8-1.fc18
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...