Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.871325 |
Kategorie: | Red Hat Local Security Checks |
Titel: | RedHat Update for libvirt RHSA-2015:0323-01 |
Zusammenfassung: | The remote host is missing an update for the 'libvirt'; package(s) announced via the referenced advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the referenced advisory. Vulnerability Insight: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. (CVE-2014-8136) It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. (CVE-2015-0236) The CVE-2015-0236 issue was found by Luyao Huang of Red Hat. Bug fixes: * The libvirtd daemon previously attempted to search for SELinux contexts even when SELinux was disabled on the host. Consequently, libvirtd logged 'Unable to lookup SELinux process context' error messages every time a client connected to libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is enabled before searching for SELinux contexts, and no longer logs the error messages on a host with SELinux disabled. (BZ#1135155) * The libvirt utility passed incomplete PCI addresses to QEMU. Consequently, assigning a PCI device that had a PCI address with a non-zero domain to a guest failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI devices, which prevents the described problem. (BZ#1127080) * Because the virDomainSetMaxMemory API did not allow changing the current memory in the LXC driver, the 'virsh setmaxmem' command failed when attempting to set the maximum memory to be lower than the current memory. Now, 'virsh setmaxmem' sets the current memory to the intended value of the maximum memory, which avoids the mentioned problem. (BZ#1091132) * Attempting to start a non-existent domain caused network filters to stay locked for read-only access. Because of this, subsequent attempts to gain read-write access to network filters triggered a deadlock. Network filters are now properly unlocked in the described scenario, and the deadlock no longer occurs. (BZ#1088864) * If a guest configuration had an active nwfilter using the DHCP snooping feature and an attempt was made to terminate libvirtd before the associated nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became unresponsive. This problem has been fixed by se ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: libvirt on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8136 http://www.mandriva.com/security/advisories?name=MDVSA-2015:023 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 RedHat Security Advisories: RHSA-2015:0323 http://rhn.redhat.com/errata/RHSA-2015-0323.html http://secunia.com/advisories/61111 SuSE Security Announcement: openSUSE-SU-2015:0006 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html SuSE Security Announcement: openSUSE-SU-2015:0008 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html http://www.ubuntu.com/usn/USN-2867-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-0236 http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 http://secunia.com/advisories/62766 SuSE Security Announcement: openSUSE-SU-2015:0225 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |