Ubuntu Update For Libvirt USN-2404-1 Network Vulnerability

Summary

Check the version of libvirt

Solution

Please Install the Updated Packages.

Insight

Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. (CVE-2014-3657) Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. (CVE-2014-7823)

Affected

libvirt on Ubuntu 14.10 , Ubuntu 14.04 LTS

Detection

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

Severity

Classification

CVE CVE-2014-3657, CVE-2014-7823
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for backuppc USN-1444-1
Ubuntu Update for apport USN-2007-1
Ubuntu Update for boost vulnerabilities USN-570-1
Ubuntu Update for colord USN-1289-1
Ubuntu Update for curl USN-2048-1

Ubuntu Update for libvirt USN-2404-1

Take action and discover your vulnerabilities