Detections
Analytics
Mandriva Linux Security Advisory : libvirt (MDVSA-2014:195)
medium Nessus Plugin ID 78062
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Multiple vulnerabilities has been discovered and corrected in libvirt :An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657).
The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 78062
File Name: mandriva_MDVSA-2014-195.nasl
Version: 1.7
Type: local
Family: Mandriva Local Security Checks
Published: 10/6/2014
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64virt-devel, p-cpe:/a:mandriva:linux:lib64virt0, p-cpe:/a:mandriva:linux:libvirt-utils, p-cpe:/a:mandriva:linux:python-libvirt, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 10/3/2014
Reference Information
CVE: CVE-2014-3633, CVE-2014-3657
MDVSA: 2014:195