VYPR

rpm package

suse/libvirt&distro=SUSE Linux Enterprise Server 12

pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012

Vulnerabilities (5)

  • CVE-2015-5313LowApr 11, 2016
    affected < 1.2.5-27.10.1fixed 1.2.5-27.10.1

    Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write t

  • CVE-2015-0236Jan 29, 2015
    affected < 1.2.5-27.10.1fixed 1.2.5-27.10.1

    libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

  • CVE-2014-8136Dec 19, 2014
    affected < 1.2.5-21.1fixed 1.2.5-21.1

    The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

  • CVE-2014-7823Nov 13, 2014
    affected < 1.2.5-21.1fixed 1.2.5-21.1

    The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

  • CVE-2014-3657Oct 6, 2014
    affected < 1.2.5-21.1fixed 1.2.5-21.1

    The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API c