Download
| Alert*
oval:org.secpod.oval:def:600994
The recent security update for libvirt was found to cause a regression. The kvm/qemu processes weren"t run as the `kvm` user anymore in order to fix the file/device ownership changes, but the processes where not correctly configured to use the `kvm` group either. When the user would try to run a vir ... oval:org.secpod.oval:def:701753 libvirt0 is installed oval:org.secpod.oval:def:701553 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:601198 Multiple security issues have been found in Libvirt, a virtualisation abstraction library: CVE-2013-6458 It was discovered that insecure job usage could lead to denial of service against libvirtd. CVE-2014-1447 It was discovered that a race condition in keepalive handling could lead to denial of ser ... oval:org.secpod.oval:def:702923 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:32657 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:32656 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:702283 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:702234 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:601790 Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0179 Richard Jones and Daniel P. Berrange found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documen ... oval:org.secpod.oval:def:701946 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:701486 libvirt: Libvirt virtualization toolkit libvirt would allow unintended access privileges. oval:org.secpod.oval:def:701411 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:601113 Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats function could lead to denial of service. The oldstable distribution is not affected. oval:org.secpod.oval:def:701350 libvirt: Libvirt virtualization toolkit libvirt could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:701152 libvirt: Libvirt virtualization toolkit libvirt could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:600589 It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow . Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe . For the stable distribution , these problems have been ... oval:org.secpod.oval:def:600215 It was discovered that libvirt, a library for interfacing with different virtualization systems, did not properly check for read-only connections. This allowed a local attacker to perform a denial of service or possibly escalate privileges. The oldstable distribution is not affected by this proble ... oval:org.secpod.oval:def:1902013 Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these ... oval:org.secpod.oval:def:32658 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:52164 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:52338 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:52312 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:602554 Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to ... oval:org.secpod.oval:def:53017 libvirt: Libvirt virtualization toolkit libvirt could be made to crash under certain conditions. oval:org.secpod.oval:def:704824 libvirt: Libvirt virtualization toolkit libvirt could be made to crash under certain conditions. oval:org.secpod.oval:def:57460 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:705057 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:1900703 libvirt0 version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. oval:org.secpod.oval:def:53157 Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned of ... oval:org.secpod.oval:def:51997 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:603950 Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally ... oval:org.secpod.oval:def:53274 Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ... oval:org.secpod.oval:def:603310 Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ... oval:org.secpod.oval:def:603133 Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned of ... oval:org.secpod.oval:def:703988 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:708324 libvirt: Libvirt virtualization toolkit libvirt could be made to stop responding or crash if it received specially crafted commands. oval:org.secpod.oval:def:80404 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:80402 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:2004431 This CVE is missing description oval:org.secpod.oval:def:708878 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:55025 libvirt: Libvirt virtualization toolkit Several issues were addressed in libvirt. oval:org.secpod.oval:def:704951 libvirt: Libvirt virtualization toolkit Several issues were addressed in libvirt. oval:org.secpod.oval:def:51991 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt. oval:org.secpod.oval:def:703978 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt. oval:org.secpod.oval:def:51052 libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt. oval:org.secpod.oval:def:704118 libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt. |