Advisories ยป MGASA-2015-0046

Updated libvirt packages fix CVE-2015-0236

Publication date: 31 Jan 2015
Modification date: 31 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0236

Description

Updated libvirt packages fix security vulnerability:

The XML getters for for save images and snapshots objects don't check ACLs for
the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive
information. A remote attacker able to establish a connection to libvirtd
could use this flaw to cause leak certain limited information from the domain
xml file (CVE-2015-0236).
                

References

SRPMS

4/core