EUVD-2013-6263

Malware in sbrugna...

openSUSE Security Update : libvirt (openSUSE-2019-1672)

This update for libvirt fixes the following issues : Security issues fixed : - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20150305)

It was found that QEMU's qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial o...

libvirt security update

CentOS Errata and Security Advisory CESA-2015:0323 Updated libvirt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability...

[ MDVSA-2014:097 ] libvirt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:097 http://www.mandriva.com/en/support/security/ Package : libvirt Date : May 16, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in libvirt...

Updated libvirt packages fix multiple vulnerabilities

Updated libvirt packages fix security vulnerabilities: The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...

USN-2209-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. CVE-2013-6456 Marian Krcmarik discovered that libvirt incorrectly handled seamless...

CVE-2013-6456

The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the virDomainDeviceAttach API and a symlink attack on /dev in th...

Code injection

The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the virDomainDeviceAttach API and a symlink attack on /dev in th...

CVE-2013-6456

The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the virDomainDeviceAttach API and a symlink attack on /dev in th...

CVE-2013-6456

The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the virDomainDeviceAttach API and a symlink attack on /dev in th...

CVE-2013-6456

CVE-2013-6456 affects the LXC driver (lxc_driver.c) in libvirt 1.0.1–1.2.1. It allows a local user to perform a symlink-based attack under /dev in the container to (1) delete arbitrary host devices via virDomainDeviceDettach, (2) create arbitrary device nodes via virDomainDeviceAttach, and (3) tr...

CVE-2013-6456

The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the virDomainDeviceAttach API and a symlink attack on /dev in th...

DEBIAN-CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxcdriver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash via a guest in the shutdown...