Advisories » MGASA-2016-0103

Updated libvirt packages fix security vulnerability

Publication date: 09 Mar 2016
Modification date: 09 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5313

Description

A path-traversal flaw was found in the way the libvirt daemon handled
file-system names for storage volumes. A libvirt user with privileges to
create storage volumes and without privileges to create and modify domains
could possibly use this flaw to escalate their privileges (CVE-2015-5313).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17417
• https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5313

SRPMS

5/core

• libvirt-1.2.9.3-1.3.mga5