Описание
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libvirt | fixed | 1.2.9-8 | package | |
| libvirt | not-affected | wheezy | package | |
| libvirt | not-affected | squeeze | package |
Примечания
Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=03c3c0c874c84dfa51ef17556062b095c6e1c0a3
Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b347c0c2a321ec5c20aae214927949832a288c5a
Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e341435e5090677c67a0d3d4ca0393102054841f (v1.1.0-rc1)
http://security.libvirt.org/2015/0001.html
EPSS
Связанные уязвимости
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
EPSS