Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0401)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0401

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0401)

Resumen: The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory.

Vulnerability Insight:
Updated libvirt packages fix security vulnerabilities:

An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process (CVE-2014-3633).

A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd
could use this flaw to make any domain operations within libvirt
unresponsive (CVE-2014-3657).

Affected Software/OS:
'libvirt' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3633
60291
http://secunia.com/advisories/60291
60895
http://secunia.com/advisories/60895
DSA-3038
http://www.debian.org/security/2014/dsa-3038
GLSA-201412-04
http://security.gentoo.org/glsa/glsa-201412-04.xml
RHSA-2014:1352
http://rhn.redhat.com/errata/RHSA-2014-1352.html
USN-2366-1
http://www.ubuntu.com/usn/USN-2366-1
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
http://security.libvirt.org/2014/0004.html
openSUSE-SU-2014:1290
http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html
openSUSE-SU-2014:1293
http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3657
62303
http://secunia.com/advisories/62303
USN-2404-1
http://www.ubuntu.com/usn/USN-2404-1
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669
http://security.libvirt.org/2014/0005.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0401
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0401)
Resumen:	The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2014-0401 advisory. Vulnerability Insight: Updated libvirt packages fix security vulnerabilities: An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633). A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657). Affected Software/OS: 'libvirt' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3633 60291 http://secunia.com/advisories/60291 60895 http://secunia.com/advisories/60895 DSA-3038 http://www.debian.org/security/2014/dsa-3038 GLSA-201412-04 http://security.gentoo.org/glsa/glsa-201412-04.xml RHSA-2014:1352 http://rhn.redhat.com/errata/RHSA-2014-1352.html USN-2366-1 http://www.ubuntu.com/usn/USN-2366-1 http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b http://security.libvirt.org/2014/0004.html openSUSE-SU-2014:1290 http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html openSUSE-SU-2014:1293 http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3657 62303 http://secunia.com/advisories/62303 USN-2404-1 http://www.ubuntu.com/usn/USN-2404-1 http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669 http://security.libvirt.org/2014/0005.html
Copyright	Copyright (C) 2022 Greenbone AG