Description
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
libvirt | fixed | 2.2.0-1 | | package |
libvirt | no-dsa | | jessie | package |
libvirt | no-dsa | | wheezy | package |
libvirt | end-of-life | | squeeze | package |
Notes
libvirt side fixed with:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=d53d465083edeb64cc7b78249c030734c0d91c6b
https://libvirt.org/git/?p=libvirt.git;a=commit;h=a1344f70a128921e7fe7213da7c1afbc962fba9c
The fix needs at least QEMU 2.6, which is satisfied in Stretch and later.
https://bugzilla.redhat.com/show_bug.cgi?id=1182074 (not yet opened)
https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
Needs changes in QEMU for passing passwords. Affects at least iSCSI and rbd/ceph.
Related vulnerabilities
ELSA-2016-2577: libvirt security, bug fix, and enhancement update (MODERATE)