[SECURITY] Fedora 21 Update: hivex-1.3.11-4.fc21

Hive files are the undocumented binary files that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. 'hivexsh' is a shell you can use to interactively navigate a hive binary file. 'hivexregedit' lets you export and merge to the textual...

[SECURITY] Fedora 20 Update: hivex-1.3.8-4.fc20

Hive files are the undocumented binary files that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. 'hivexsh' is a shell you can use to interactively navigate a hive binary file. 'hivexregedit' lets you export and merge to the textual...

RHEL 6 : qemu-kvm-rhev (RHSA-2012:1233)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1233 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the...

Oracle Linux 7 : kernel (ELSA-2014-1724)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1724 advisory. - virt kvm: fix PIT timer race condition Petr Matousek 1144879 1144880 CVE-2014-3611 - virt kvm/vmx: handle invept and invvpid vm exits gracefully Petr...

Moderate: Red Hat Bug Fix Advisory: virt-who bug fix and enhancement update

Updated virt-who package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the Red Hat Subscription Manager tool. Th...

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

Moderate: Red Hat Bug Fix Advisory: virt-who bug fix and enhancement update

Updated virt-who packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5. The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the subscription manager. The virt-who...

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

openSUSE Security Update : libvirt (openSUSE-SU-2012:0347-1)

This collective update 2012/02 for Xen provides fixes for the following reports : Xen === - 649209: Fix Xen live migrations being slow - 683580: Fix hangs during boot up after the message 'Enabled directed EOI with ioapicackold on! - 691256: unable to open a connection to the XEN Hypervisor -...

openSUSE Security Update : xen-201107 (openSUSE-SU-2011:0941-1)

Security / Collective Update for Xen Xen : - bnc702025 - VUL-0: xen: VT-d PCI passthrough MSI trap injection CVE-2011-1898 - bnc703924 - update block-npiv scripts to support BFA HBA - bnc689954 - L3: Live migrations fail when guest crashes: domaincrashsync called from entry.S - bnc693472 - Bridge...

openSUSE Security Update : xen-201107 (openSUSE-SU-2011:0941-1)

Security / Collective Update for Xen Xen : - bnc702025 - VUL-0: xen: VT-d PCI passthrough MSI trap injection CVE-2011-1898 - bnc703924 - update block-npiv scripts to support BFA HBA - bnc689954 - L3: Live migrations fail when guest crashes: domaincrashsync called from entry.S - bnc693472 - Bridge...

kernel security and bug fix update

kernel 2.6.18-371.9.1 - nfs sunrpc: don't use a credential with extra groups Mateusz Guzik 1095062 976201 - scsi lpfc: Remove NDLP reference put in lpfccmplelslogoacc Rob Evers 1096061 1075228 - infiniband rds: dereference of a NULL device Jacob Tanenbaum 1079216 1079217 CVE-2013-7339 - kernel...

CVE-2014-0189

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file...

Default credentials

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file...

CVE-2014-0189

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file...

CVE-2014-0189

The CVE-2014-0189 issue affects the virt-who utility, where /etc/sysconfig/virt-who was world-readable, enabling a local attacker to read credentials for hypervisors stored in that file. Publicly available connected sources (Red Hat/CentOS advisories and Nessus/NASL records) confirm the vulnerabi...

PT-2014-1855 · Red Hat +1 · Virt-Who +2

Name of the Vulnerable Software and Affected Versions: virt-who versions 0.10 Description: The issue allows local users to obtain the password for hypervisors by reading the /etc/sysconfig/virt-who file due to world-readable permissions. This can lead to a breach of confidentiality of protected...

CVE-2011-1773

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password...

Authentication flaw

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password...

CVE-2011-1773

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password...