Security Bulletin: Vulnerability in netcf affects PowerKVM (CVE-2014-8119)

Summary PowerKVM is affected by a vulnerability in netcf. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2014-8119 DESCRIPTION: The netcfg package in Linux is vulnerable to a denial of service, caused by the improper processing of XPath expressions by the findifcfgpath function...

CVE-2014-8119

The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...

CVE-2014-8119

The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...

Design/Logic Flaw

The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...

CVE-2014-8119

The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...

CVE-2014-8119

The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...

CVE-2014-8119

CVE-2014-8119 affects the netcf library, where the function find_ifcfg_path in netcf before 0.2.7 may allow a remote attacker to trigger a denial of service (application crash) via vectors involving augeas path expressions. This vulnerability has been acknowledged in multiple advisories across ve...

netcf remote denial of service vulnerability

netcf is a library for configuring network interfaces. A remote denial of service vulnerability exists in netcf. An attacker could exploit this vulnerability to crash an application and deny service to legitimate users...

Scientific Linux Security Update : netcf on SL7.x x86_64 (20151119)

A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash. CVE-2014-8119 The netcf packages have been upgraded to upstream version 0.2.8, which provides a number of bug fixes and enhancements over the...

CentOS 7 : netcf (CESA-2015:2248)

Updated netcf packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

netcf security update

CentOS Errata and Security Advisory CESA-2015:2248 Updated netcf packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

Oracle: Security Advisory (ELSA-2015-2248)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : netcf (ELSA-2015-2248)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2248 advisory. 0.2.8-1 - Rebase to netcf-0.2.8 - resolve rhbz1165965 - CVE-2014-8119 - resolve rhbz1159000 - support multiple IPv4 addresses in interface config redhat driver ...

netcf security, bug fix, and enhancement update

0.2.8-1 - Rebase to netcf-0.2.8 - resolve rhbz1165965 - CVE-2014-8119 - resolve rhbz1159000 - support multiple IPv4 addresses in interface config redhat driver - resolve rhbz1113983 - allow static IPv4 config simultaneous with DHCPv4 redhat driver - resolve rhbz1170941 - remove extra quotes from...

RHEL 7 : netcf (RHSA-2015:2248)

Updated netcf packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

RedHat Update for netcf RHSA-2015:2248-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

netcf: augeas path expression injection via interface name

A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...

Moderate: Red Hat Security Advisory: netcf security, bug fix, and enhancement update

Updated netcf packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

netcf: augeas path expression injection via interface name

A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...

Moderate: Red Hat Bug Fix Advisory: netcf bug fix update

Updated netcf packages that fix several bugs are now available for Red Hat Enterprise Linux 6. The netcf packages contain a library for modifying the network configuration of a system. Network configuration is expressed in a platform-independent XML format, which netcf translates into changes to...