All errata/sisyphus/ALT-PU-2015-2160-1
ALT-PU-2015-2160-1

Package update libvirt in branch sisyphus

Version1.3.0-alt1
Task#155157
Published2015-12-22
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2014-3672
MEDIUM6.5

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

Published: 2016-05-25Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References
CVE-2015-5313
LOW2.5

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Published: 2016-04-11Modified: 2025-04-12
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xLOW 2.5
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
References