Mandriva Linux Security Advisory 2015-115 - The LXC driver in libvirt 1.0.1 through 1.2.1 allows local users to delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function. Various other issues have also been addressed.
6ae8444cee405a1fa17b4071c1f7b85b191e5b4db7e6d53ab6a0a1a1d4adf05dGentoo Linux Security Advisory 201412-4 - Multiple vulnerabilities have been found in libvirt, worst of which allows context-dependent attackers to escalate privileges. Versions less than 1.2.9-r2 are affected.
04c111d3cb8f6077f1f1c216f9e56106ab6e31444d537f25d03e8ab04ca85eb1Ubuntu Security Notice 2366-1 - Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu 14.04 LTS. Luyao Huang discovered that libvirt incorrectly handled certain blkiotune queries. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
02dbf1264d90f9aa14f459ed2d1774ac83a6b77b75e361cb24f526417195c704Debian Linux Security Advisory 3038-1 - Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library.
1a4a88bcc37a4dfcaefe8151a6a76a58d64abfb087ff4bbc6d0d4dbe95432653Red Hat Security Advisory 2014-0914-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file; parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system.
b6fcc61dfddaf9d23f4a2878fd17d80425194d0b93a2dc75f49e2a5b48cddc15Red Hat Security Advisory 2014-0560-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read access could use this flaw to cause libvirtd to hang indefinitely, resulting in a denial of service on the system.
94239f6d883bee6d500f9c0488f7c3ba34b9d4128102a893c9f3c00863ef0452Mandriva Linux Security Advisory 2014-097 - The LXC driver in libvirt 1.0.1 through 1.2.1 allows local users to delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function. libvirt was patched to prevent expansion of entities when parsing XML files. This vulnerability allowed malicious users to read arbitrary files or cause a denial of service. The updated packages have been upgraded to the 1.1.3.5 version and patched to correct these issues.
ed55160db0091a2f3521eb28085c1855960ad5f1a486378894808978a59d4533
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed