Lucene search

K
ubuntuUbuntuUSN-2404-1
HistoryNov 11, 2014 - 12:00 a.m.

libvirt vulnerabilities

2014-11-1100:00:00
ubuntu.com
46

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.042 Low

EPSS

Percentile

92.2%

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM

Packages

  • libvirt - Libvirt virtualization toolkit

Details

Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
(CVE-2014-3657)

Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchlibvirt-bin< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.10noarchlibvirt-dev< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.10noarchlibvirt0< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.10noarchlibvirt0-dbg< 1.2.8-0ubuntu11.1UNKNOWN
Ubuntu14.04noarchlibvirt-bin< 1.2.2-0ubuntu13.1.7UNKNOWN
Ubuntu14.04noarchlibvirt-dev< 1.2.2-0ubuntu13.1.7UNKNOWN
Ubuntu14.04noarchlibvirt0< 1.2.2-0ubuntu13.1.7UNKNOWN
Ubuntu14.04noarchlibvirt0-dbg< 1.2.2-0ubuntu13.1.7UNKNOWN

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.042 Low

EPSS

Percentile

92.2%