Download
| Alert*
oval:org.secpod.oval:def:106487
libvirt is installed oval:org.secpod.oval:def:201788 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that libvirt did not set the user-defined backing store format when creat ... oval:org.secpod.oval:def:201753 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that libvirt did not set the user-defined backing store format when creat ... oval:org.secpod.oval:def:502218 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:502217 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:1800282 libvirt is installed oval:org.secpod.oval:def:204728 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:89003186 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent . Other issues fixed: - libxl: save current memo ... oval:org.secpod.oval:def:89003272 This update for libvirt and libvirt-python fixes the following issues: libvirt: - CVE-2016-10746: Fixed an authentication bypass where a guest agent with a read only connection could call virDomainGetTime API calls . - rpc: increase the size of REMOTE_MIGRATE_COOKIE_MAX . libvirt-python: - Fixes a m ... oval:org.secpod.oval:def:203530 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver ... oval:org.secpod.oval:def:89044643 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1049505, bsc#1051017: Security manager: Don"t autogen ... oval:org.secpod.oval:def:1500876 Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500363 Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:89044837 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1049505, bsc#1051017: Security manager: Don"t autogen ... oval:org.secpod.oval:def:89044724 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1025340: Use xend for nodeGetFreeMemory API - bsc#102 ... oval:org.secpod.oval:def:1801750 It was discovered that libvirt is accidentally leaking a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to be made against device mapper on the host. Thus a malicious QEMU has the potential to do serious damage to the host OS. oval:org.secpod.oval:def:89047077 This update for libvirt fixes the following issues: - lxc: controller: Fix container launch on cgroup v1. - supportconfig: Use systemctl command "is-active" instead of "is-enabled" when checking if libvirtd is active. - qemu: Do not report error in the logs when processing monitor IO. - spec: Fix ... oval:org.secpod.oval:def:116653 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:89003050 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent . - CVE-2019-3886: Fixed an information leak whic ... oval:org.secpod.oval:def:89003154 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent . - CVE-2019-3886: Fixed an information leak whi ... oval:org.secpod.oval:def:1800281 It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead. oval:org.secpod.oval:def:111126 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:89045173 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2016-5008: empty VNC password disables authentication Bugs fixed: - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed "make check" failu ... oval:org.secpod.oval:def:110982 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:204129 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ... oval:org.secpod.oval:def:109998 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:109987 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:89045378 This update for libvirt fixes the following issues: Security issue: - CVE-2015-5313: directory directory traversal privilege escalation vulnerability. Bugs fixed: - bsc#960305: xenxs: support parsing and formatting vif bandwidth - bsc#961173: xen: use correct domctl version in domaininfolist union ... oval:org.secpod.oval:def:204210 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. It was found that QEMU"s qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions did not correctly perform a domain unlock on a failed ACL check. A remote at ... oval:org.secpod.oval:def:1500931 The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1500747 Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:203450 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt"s qemuDomainGetBlockIoTune ... oval:org.secpod.oval:def:1500805 An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could u ... oval:org.secpod.oval:def:203379 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ... oval:org.secpod.oval:def:106486 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:106315 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1500249 Updated libvirt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500178 Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1500028 Updated libvirt packages that fix one security issue, multiple bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives ... oval:org.secpod.oval:def:1500081 Updated libvirt packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:201589 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. An integer overflow flaw was found in libvirtd"s RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by callin ... oval:org.secpod.oval:def:201582 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. A flaw was found in the way libvirtd handled error reporting for concurrent connection ... oval:org.secpod.oval:def:200580 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. A flaw was found in the way libvirtd handled error reporting for concurrent connection ... oval:org.secpod.oval:def:500217 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that several libvirt API calls did not honor the read-only permission for ... oval:org.secpod.oval:def:201499 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that several libvirt API calls did not honor the read-only permission for ... oval:org.secpod.oval:def:200387 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that several libvirt API calls did not honor the read-only permission for ... oval:org.secpod.oval:def:1503436 Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:2500417 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1504739 qemu-kvm [4.2.0-34.el8_3.4] - kvm-virtiofsd-extract-lo_do_open-from-lo_open.patch [bz#1919109] - kvm-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch [bz#1919109] - kvm-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch [bz#1919109] - Resolves: bz#1919109 oval:org.secpod.oval:def:2500454 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:202425 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd"s RPC call handling. An attacker able to establish a r ... oval:org.secpod.oval:def:202535 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup under certain erro ... oval:org.secpod.oval:def:202581 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was discovered that libvirt made certain invalid assumptions about dnsmasq"s com ... oval:org.secpod.oval:def:202464 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd"s RPC call handling. An attacker able to establish a r ... oval:org.secpod.oval:def:202886 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a p ... oval:org.secpod.oval:def:203328 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ... oval:org.secpod.oval:def:501058 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a p ... oval:org.secpod.oval:def:202942 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condi ... oval:org.secpod.oval:def:203019 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domai ... oval:org.secpod.oval:def:203496 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt"s qemuDomainGetBlockIoTune ... oval:org.secpod.oval:def:204727 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:89050330 This update for libvirt fixes the following issues: - CVE-2020-14339: Don"t leak /dev/mapper/control into QEMU. Use ioctl"s to obtain the dependency tree of disks and drop use of libdevmapper. - bsc#1161883, bsc#1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc#1171946 - libxl: ... oval:org.secpod.oval:def:89050440 This update for libvirt fixes the following issues: - CVE-2020-14339: Don"t leak /dev/mapper/control into QEMU. Use ioctl"s to obtain the dependency tree of disks and drop use of libdevmapper. bsc#1161883, bsc#1174458 oval:org.secpod.oval:def:1503495 Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rati ... oval:org.secpod.oval:def:500274 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd"s RPC call handling. An attacker able t ... oval:org.secpod.oval:def:1503325 Updated libvirt packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:500126 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. A flaw was found in the way libvirtd handled error reporting for concurrent connection ... oval:org.secpod.oval:def:200305 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. An integer overflow flaw was found in libvirtd"s RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by callin ... oval:org.secpod.oval:def:1802035 qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service . oval:org.secpod.oval:def:502735 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:502734 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: wrong permissions in systemd admin-sock due to missi ... oval:org.secpod.oval:def:1502524 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205211 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: wrong permissions in systemd admin-sock due to missi ... oval:org.secpod.oval:def:1504742 [5.0.0-4.el7] - logging: restrict sockets to mode 0600 [Orabug: 29861433] {CVE-2019-10132} - locking: restrict sockets to mode 0600 [Orabug: 29861433] {CVE-2019-10132} - admin: reject clients unless their UID matches the current UID [Orabug: 29861433] {CVE-2019-10132} oval:org.secpod.oval:def:116553 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:501531 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. It was found that QEMU"s qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions did not correctly perform a domain unlock on a failed ACL check. A remote at ... oval:org.secpod.oval:def:107962 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:501178 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domai ... oval:org.secpod.oval:def:107013 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1500553 Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:108407 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:501482 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver ... oval:org.secpod.oval:def:501398 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt"s qemuDomainGetBlockIoTune ... oval:org.secpod.oval:def:1500634 It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read th ... oval:org.secpod.oval:def:501456 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt"s qemuDomainGetBlockIoTune ... oval:org.secpod.oval:def:106373 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:105943 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:501105 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condi ... oval:org.secpod.oval:def:1504736 [5.7.0-13.el7] - domain groups: Fix multiple Domain Group vCPU administration flaws [Orabug: 31145304] - qemu: fix missing #if defined - build: Fix qemu-submodule-init syntax-check issue - libvirt: Fix various introduced Fedora/RHEL build violations [Orabug: 31143337] - qemu: don"t hold both job ... oval:org.secpod.oval:def:501297 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ... oval:org.secpod.oval:def:501347 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ... oval:org.secpod.oval:def:89047394 This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop - CVE-2021-4184: BitTorrent DHT dissector infinite loop - CVE-2021-4183: pcapng file parser crash - CVE-2021-4182: RFC 7468 file parser infinite loop - CVE-2021-4181: Sys ... oval:org.secpod.oval:def:1503838 Updated libvirt packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rat ... oval:org.secpod.oval:def:500903 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd"s RPC call handling. An attacker able to establish a r ... oval:org.secpod.oval:def:500872 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd"s RPC call handling. An attacker able to establish a r ... oval:org.secpod.oval:def:500999 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was discovered that libvirt made certain invalid assumptions about dnsmasq"s com ... oval:org.secpod.oval:def:500956 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup under certain erro ... oval:org.secpod.oval:def:202385 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with ... oval:org.secpod.oval:def:1500053 Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having lowsecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is ... oval:org.secpod.oval:def:202511 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with ... oval:org.secpod.oval:def:1503754 Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503635 Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:500818 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with ... oval:org.secpod.oval:def:1800496 It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead. oval:org.secpod.oval:def:1501628 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ... oval:org.secpod.oval:def:501918 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ... oval:org.secpod.oval:def:1505295 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503294 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: NULL pointer dereference after running qemuAgentComm ... oval:org.secpod.oval:def:205345 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: NULL pointer dereference after running qemuAgentComm ... oval:org.secpod.oval:def:1503049 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205141 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvir ... oval:org.secpod.oval:def:502292 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ... oval:org.secpod.oval:def:204842 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ... oval:org.secpod.oval:def:113845 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:89003061 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89003059 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89002074 This update for libvirt provides several fixes. This security issue was fixed: - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS . These security issues were fixed: - Add a qemu hook script providing functionality similar to Xen"s block-dmmd script. ... oval:org.secpod.oval:def:1800725 libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. oval:org.secpod.oval:def:89003031 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89003308 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:113780 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:114070 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1502256 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800663 libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. oval:org.secpod.oval:def:1502549 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:204817 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ... oval:org.secpod.oval:def:89003330 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89045010 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2017-1000256: Ensure TLS clients always verify the server certificate in the serial/TLS support. Non security issue fixed: - libvirt-daemon-qemu requires libvirt-daemon-driver-storage oval:org.secpod.oval:def:502319 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ... oval:org.secpod.oval:def:89050621 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:89050628 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd . - CVE-20 ... oval:org.secpod.oval:def:1700108 util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. oval:org.secpod.oval:def:1502213 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:4501157 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1505670 qemu-kvm [4.2.1.16.el8] - Document CVE-2021-4145 as fixed [Orabug: 33791496] {CVE-2021-4145} - migration: Tally pre-copy, downtime and post-copy bytes independently - migration: Introduce ram_transferred_add - ACPI ERST: specification for ERST support - ACPI ERST: step 6 of bios-tables-test.c - ... oval:org.secpod.oval:def:89049176 This update for libvirt fixes the following issues: Security fixes: * CVE-2023-3750: Fixed mproper locking in virStoragePoolObjListSearch that may lead to denial of service . Other fixes: * build library with support for modular daemons . oval:org.secpod.oval:def:89049018 This update for libvirt fixes the following issues: * CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList * apparmor: Add support for local profile customizations * qemu: Fix cdrom media change * qemu: Fix potential crash during driver cleanup oval:org.secpod.oval:def:507826 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89048931 This update for libvirt fixes the following issues: * CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device"s capabilities . Non-security fixes: * Fixed a potential crash during driver cleanup . * Added Apparmor support for SUSE edk2 firmware paths . ... oval:org.secpod.oval:def:1506767 hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] ... oval:org.secpod.oval:def:127144 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1506619 [9.0.0-10.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [9.0.0-10.2.el9_2] - virpci: Resolve leak in virPCIVirtualFunctionList cleanup oval:org.secpod.oval:def:509077 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:507717 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1506733 hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] ... oval:org.secpod.oval:def:1505685 hivex [1.3.18-23] - Limit recursion in ri-records resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ... oval:org.secpod.oval:def:4500929 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:89047527 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters . The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-inden ... oval:org.secpod.oval:def:89049040 This update for libvirt fixes the following issues: * CVE-2022-0897: Fixed crash when counting number of network filters . Bug fixes: * qemu: Fixed potential crash during driver cleanup . * libxl: Marked auto-allocated graphics ports to used on reconnect. * libxl: Released all auto-allocated graphic ... oval:org.secpod.oval:def:507403 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvir ... oval:org.secpod.oval:def:89047506 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults oval:org.secpod.oval:def:3300435 SUSE Security Update: Security update for libvirt oval:org.secpod.oval:def:1505748 libvirt [5.7.0-33.el7] - qemu: refresh vNUMA/SMT pinning. [Orabug: 34083505] - qemu driver: Check exadataConfig and packCPUs whenever vNUMA/SMT applies [Orabug: 34023508] - nwfilter: fix crash when counting number of network filters [Orabug: 33973639] {CVE-2022-0897} libvirt-python [5.7.0-33.el7] ... oval:org.secpod.oval:def:5800057 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvir ... oval:org.secpod.oval:def:87143 [8.5.0-7.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [8.5.0-7] - security_selinux: Dont ignore NVMe disks when setting image label [8.5.0-6] - qemu_process: Destroy domains namespace after killing QEMU [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations [8.5.0-4] - qe ... oval:org.secpod.oval:def:4501380 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1506326 hivex libguestfs [1.40.2-28.0.4] - v2v: Cope with libvirt vpx/esx driver which does not set [Orabug: 34026544] [1.40.2-28.0.3] - virt-v2v: Specify backing file format to qemu-img command [Orabug: 33906330] - Require "kernel-uek" RPM for installation instead of "kernel" [Orabug: 33986812] [1.40.2-28. ... oval:org.secpod.oval:def:2500450 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89047285 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2021-3631: fix SELinux label generation logic - CVE-2021-3667: Unlock object on ACL fail in storagePoolLookupByTargetPath Non-security issues fixed: - virtlockd: Don"t report error if lockspace exists - Don"t forcibl ... oval:org.secpod.oval:def:1505420 libguestfs-winsupport [8.2] - Resolves: bz#1810193 libguestfs [1.40.2-28.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.40.2-28] - daemon: lvm: Use lvcreate --yes to avoid i ... oval:org.secpod.oval:def:506505 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:2500506 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:4501389 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1505231 libvirt [6.0.0-35.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 oval:org.secpod.oval:def:89050454 This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros . - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces . - qemu: Adjust max memlock on mdev hotplug . - Xen: Don"t add dom0 twice on driver reload . - vird ... oval:org.secpod.oval:def:74239 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89050308 This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros . - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces . - qemu: Avoid stale capabilities cache host CPU or kernel command line changes . - virdevmapper: H ... oval:org.secpod.oval:def:1504754 [5.7.0-21.el7] - exadata: Fix the validation when defining domain groups [Orabug: 32085856] - Revert "qemu: dont take agent and monitor job for shutdown" [Orabug: 32080283] - Revert "qemu: dont hold a monitor and agent job for reboot" [Orabug: 32080283] - Revert "qemu: dont hold monitor and agent ... oval:org.secpod.oval:def:68020 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89050363 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths . - CVE-2020-12430: Fixed a memory leak in qemuDomainGetStatsIOThread . Non-security issues fixed: - Support setting credit2 scheduler parameters for ... oval:org.secpod.oval:def:89000090 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths . Non-security issues fixed: - apparmor: avoid copying empty profile name . - logging: ensure virtlogd rollover takes priority over logrotate . - qemu ... oval:org.secpod.oval:def:205620 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Potential DoS by holding a monitor job while queryin ... oval:org.secpod.oval:def:1505306 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504698 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89000439 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths . Non-security issues fixed: - apparmor: avoid copying empty profile name . - logging: ensure virtlogd rollover takes priority over logrotate . - qemu ... oval:org.secpod.oval:def:89000499 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths . - CVE-2020-12430: Fixed a memory leak in qemuDomainGetStatsIOThread . Non-security issues fixed: - Support setting credit2 scheduler parameters for ... oval:org.secpod.oval:def:2500103 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1801778 A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user. oval:org.secpod.oval:def:4500038 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:4500940 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:4500971 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:506291 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1505427 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506406 libvirt [8.0.0-10.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 oval:org.secpod.oval:def:1506145 hivex [1.3.18-21] - Bounds check for block exceeding page length resolves: rhbz#1950501 [1.3.18] - Resolves: bz#1810193 [1.3.18] - Resolves: bz#1810193 [1.3.15-7] - Rebuild all virt packages to fix RHEL"s upgrade path - Resolves: rhbz#1695587 [1.3.15-6] - Drop hivex-static subpackage resolves: r ... oval:org.secpod.oval:def:1505063 hivex [1.3.18-21] - Bounds check for block exceeding page length resolves: rhbz#1950501 libvirt [6.0.0-35.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 = 1:10.2.5 - Disable parallel builds [6.0.0-35.1.el8] - network: make it safe to call netwo ... oval:org.secpod.oval:def:1506723 hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-40] - build: change dependency to allow post install erasing of /usr/bin/nc [Orabug: 35289777] - util: Make virFileClose quiet on success [Orabug: 35090886] [5.7.0-39] - exadata: update maxvcpus for vNUMA only [Orabug: 34863357 ... oval:org.secpod.oval:def:1506173 libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] - Obs ... oval:org.secpod.oval:def:1505761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:4501202 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1506463 libvirt [5.7.0-38.el8] - qemu: Don"t report spurious errors from vCPU tid validation on hotunplug timeout [Orabug: 34826758] - security: fix SELinux label generation logic [Orabug: 34773029] {CVE-2021-3631} - qemu: Set default qdisc before setting bandwidth [Orabug: 34724925] - qemu: Taint cpu ho ... oval:org.secpod.oval:def:2500706 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:507453 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:507336 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:2500267 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1505454 qemu-kvm [4.2.0-59.el8_5] - kvm-hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch [bz#2025605] - kvm-e1000-fix-tx-re-entrancy-problem.patch [bz#2025011] - Resolves: bz#2025605 - Resolves: bz#2025011 oval:org.secpod.oval:def:4501250 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:2500263 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1700215 Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writin ... oval:org.secpod.oval:def:1502508 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502510 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89003354 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarch ... oval:org.secpod.oval:def:116625 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:116622 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:502712 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * A flaw was found in the implementation of the "fill buff ... oval:org.secpod.oval:def:502714 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:116638 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:502725 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * A flaw was found in the implementation of the "fill buff ... oval:org.secpod.oval:def:89050887 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarch ... oval:org.secpod.oval:def:89003453 This update for libvirt fixes the following issues: Four new speculative execution information leak issu Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarchitectural Load Port Data Sampling - CVE-2019-11091: Microarchitectural Data ... oval:org.secpod.oval:def:89003205 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarch ... oval:org.secpod.oval:def:205205 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * A flaw was found in the implementation of the "fill buff ... oval:org.secpod.oval:def:89050629 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarch ... oval:org.secpod.oval:def:205202 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * A flaw was found in the implementation of the "fill buff ... oval:org.secpod.oval:def:502299 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:204839 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:1502096 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502098 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:114685 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1700060 An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service via a large QEMU reply.An industry-wide issue was found in the way many modern micr ... oval:org.secpod.oval:def:1502223 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502227 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89002442 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka quot;SpectreAttackquot; . - CVE-2018-1064: Fixed denial of service when reading from guest agent . - CVE-2018-5748: Fixed possible denial of service when readin ... oval:org.secpod.oval:def:114874 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:1700047 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which ... oval:org.secpod.oval:def:89002493 This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: Added support for "ssbd" and "virt-ssbd" CPUID feature bits pass through. oval:org.secpod.oval:def:204811 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:89002245 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2018-3639: Add support for "ssbd" and "virt-ssbd" CPUID feature bits to address V4 Speculative Store Bypass aka quot;Memory Disambiguationquot; . Bug fixes: - bsc#1094325: Enable virsh blockresize for XEN guests . - bsc# ... oval:org.secpod.oval:def:89002120 This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka quot;SpectreAttackquot; . - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init . - CVE-20 ... oval:org.secpod.oval:def:1700003 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ... oval:org.secpod.oval:def:502304 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:204802 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:502324 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:1506773 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.1.1-6-el8] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: do not byteswap padding [Orabug: 35304723] - ... oval:org.secpod.oval:def:89051694 This update for libvirt fixes the following issues: * CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces . * CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStatus oval:org.secpod.oval:def:89051727 This update for libvirt fixes the following issues: * CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. * CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces . * CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStat ... oval:org.secpod.oval:def:127380 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:89051715 This update for libvirt fixes the following issues: * CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. The following non-security bug was fixed: * Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap . oval:org.secpod.oval:def:89051706 This update for libvirt fixes the following issues: * CVE-2024-2494: Fixed negative g_new0 length leading to unbounded memory allocation . oval:org.secpod.oval:def:89051704 This update for libvirt fixes the following issues: * CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation . |