ALT-PU-2018-1019-1
Closed vulnerabilities
BDU:2021-03338
Уязвимость библиотеки управления виртуализацией Libvirt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-05679
Уязвимость библиотеки управления виртуализацией Libvirt, связанная с недостаточной блокировкой, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-1000256
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
- DSA-4003
- DSA-4003
- https://access.redhat.com/security/cve/CVE-2017-1000256
- https://access.redhat.com/security/cve/CVE-2017-1000256
- https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html
- https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html
- [libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients
- [libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients
Modified: 2024-11-21
CVE-2017-2635
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635
- https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875
- https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875
Modified: 2024-11-21
CVE-2021-4147
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
- https://bugzilla.redhat.com/show_bug.cgi?id=2034195
- https://bugzilla.redhat.com/show_bug.cgi?id=2034195
- [debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update
- [debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update
- https://security.netapp.com/advisory/ntap-20220513-0004/
- https://security.netapp.com/advisory/ntap-20220513-0004/
Closed bugs
Вывести сообщение о необходимости запуска dbus при старте libvirt из под SysV init
Broken USB device passthrough in 3.2.0