libvirt vulnerabilities

2014-11-1100:00:00

ubuntu.com

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON

Releases

Ubuntu 14.10
Ubuntu 14.04 ESM

Packages

libvirt - Libvirt virtualization toolkit

Details

Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
(CVE-2014-3657)

Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchlibvirt-bin< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.10noarchlibvirt-dev< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.10noarchlibvirt0< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.10noarchlibvirt0-dbg< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.04noarchlibvirt-bin< 1.2.2-0ubuntu13.1.7UNKNOWN
Ubuntu14.04noarchlibvirt-dev< 1.2.2-0ubuntu13.1.7UNKNOWN
Ubuntu14.04noarchlibvirt0< 1.2.2-0ubuntu13.1.7UNKNOWN
Ubuntu14.04noarchlibvirt0-dbg< 1.2.2-0ubuntu13.1.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.10	noarch	libvirt-bin	< 1.2.8-0ubuntu11.1	UNKNOWN
Ubuntu	14.10	noarch	libvirt-dev	< 1.2.8-0ubuntu11.1	UNKNOWN
Ubuntu	14.10	noarch	libvirt0	< 1.2.8-0ubuntu11.1	UNKNOWN
Ubuntu	14.10	noarch	libvirt0-dbg	< 1.2.8-0ubuntu11.1	UNKNOWN
Ubuntu	14.04	noarch	libvirt-bin	< 1.2.2-0ubuntu13.1.7	UNKNOWN
Ubuntu	14.04	noarch	libvirt-dev	< 1.2.2-0ubuntu13.1.7	UNKNOWN
Ubuntu	14.04	noarch	libvirt0	< 1.2.2-0ubuntu13.1.7	UNKNOWN
Ubuntu	14.04	noarch	libvirt0-dbg	< 1.2.2-0ubuntu13.1.7	UNKNOWN