Advisories » MGASA-2014-0051

Updated libvirt packages fix two vulnerabilties

Publication date: 11 Feb 2014
Modification date: 11 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6458 , CVE-2014-1447

Description

Updated libvirt packages fix security vulnerabilities:

It was discovered that insecure job usage could lead to denial of service
against libvirtd (CVE-2013-6458).

It was discovered that a race condition in keepalive handling could lead to
denial of service against libvirtd (CVE-2014-1447).
                

References

• http://www.debian.org/security/2014/dsa-2846
• https://bugs.mageia.org/show_bug.cgi?id=12235
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447

SRPMS

3/core

• libvirt-1.0.2-8.4.mga3