Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0401)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0401

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0401)

Zusammenfassung: The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory.

Vulnerability Insight:
Updated libvirt packages fix security vulnerabilities:

An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process (CVE-2014-3633).

A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd
could use this flaw to make any domain operations within libvirt
unresponsive (CVE-2014-3657).

Affected Software/OS:
'libvirt' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3633
60291
http://secunia.com/advisories/60291
60895
http://secunia.com/advisories/60895
DSA-3038
http://www.debian.org/security/2014/dsa-3038
GLSA-201412-04
http://security.gentoo.org/glsa/glsa-201412-04.xml
RHSA-2014:1352
http://rhn.redhat.com/errata/RHSA-2014-1352.html
USN-2366-1
http://www.ubuntu.com/usn/USN-2366-1
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
http://security.libvirt.org/2014/0004.html
openSUSE-SU-2014:1290
http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html
openSUSE-SU-2014:1293
http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3657
62303
http://secunia.com/advisories/62303
USN-2404-1
http://www.ubuntu.com/usn/USN-2404-1
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669
http://security.libvirt.org/2014/0005.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0401
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0401)
Zusammenfassung:	The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory. Vulnerability Insight: Updated libvirt packages fix security vulnerabilities: An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633). A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657). Affected Software/OS: 'libvirt' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3633 60291 http://secunia.com/advisories/60291 60895 http://secunia.com/advisories/60895 DSA-3038 http://www.debian.org/security/2014/dsa-3038 GLSA-201412-04 http://security.gentoo.org/glsa/glsa-201412-04.xml RHSA-2014:1352 http://rhn.redhat.com/errata/RHSA-2014-1352.html USN-2366-1 http://www.ubuntu.com/usn/USN-2366-1 http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b http://security.libvirt.org/2014/0004.html openSUSE-SU-2014:1290 http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html openSUSE-SU-2014:1293 http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3657 62303 http://secunia.com/advisories/62303 USN-2404-1 http://www.ubuntu.com/usn/USN-2404-1 http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669 http://security.libvirt.org/2014/0005.html
Copyright	Copyright (C) 2022 Greenbone AG