Advisories » MGASA-2015-0046

Updated libvirt packages fix CVE-2015-0236

Publication date: 31 Jan 2015
Modification date: 31 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0236

Description

Updated libvirt packages fix security vulnerability:

The XML getters for for save images and snapshots objects don't check ACLs for
the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive
information. A remote attacker able to establish a connection to libvirtd
could use this flaw to cause leak certain limited information from the domain
xml file (CVE-2015-0236).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15141
• https://bugzilla.redhat.com/show_bug.cgi?id=1184431
• http://security.libvirt.org/2015/0001.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236

SRPMS

4/core

• libvirt-1.2.1-1.5.mga4