ALT Linux Team

Package libvirt update in sisyphus on 2015-12-22

ALT-PU-2015-2160-1

Package libvirt updated to version 1.3.0-alt1 for branch sisyphus in task 155157.

Closed vulnerabilities

Published: 2016-05-25
Modified: 2024-11-21

CVE-2014-3672

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2016-04-12
Modified: 2024-11-21

CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Severity: LOW (2.5) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top