Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-0103

Опубликовано: 28 янв. 2014
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2014-0103: libvirt security and bug fix update (MODERATE)

[0.10.2-29.0.1.el6_5.3]

  • Replace docs/et.png in tarball with blank image

[0.10.2-29.el6_5.3]

  • qemu: Avoid operations on NULL monitor if VM fails early (rhbz#1055578)
  • qemu: Do not access stale data in virDomainBlockStats (CVE-2013-6458)
  • qemu: Avoid using stale data in virDomainGetBlockInfo (CVE-2013-6458)
  • qemu: Fix job usage in qemuDomainBlockJobImpl (CVE-2013-6458)
  • qemu: Fix job usage in qemuDomainBlockCopy (rhbz#1054804)
  • qemu: Fix job usage in virDomainGetBlockIoTune (CVE-2013-6458)
  • Don't crash if a connection closes early (CVE-2014-1447)
  • Really don't crash if a connection closes early (CVE-2014-1447)

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

libvirt

0.10.2-29.0.1.el6_5.3

libvirt-client

0.10.2-29.0.1.el6_5.3

libvirt-devel

0.10.2-29.0.1.el6_5.3

libvirt-lock-sanlock

0.10.2-29.0.1.el6_5.3

libvirt-python

0.10.2-29.0.1.el6_5.3

Oracle Linux i686

libvirt

0.10.2-29.0.1.el6_5.3

libvirt-client

0.10.2-29.0.1.el6_5.3

libvirt-devel

0.10.2-29.0.1.el6_5.3

libvirt-python

0.10.2-29.0.1.el6_5.3

Связанные CVE

CVE-2013-6458
CVE-2014-1447

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-1447

ubuntu
больше 11 лет назад

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

redhat логотип

CVE-2014-1447

redhat
больше 11 лет назад

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

nvd логотип

CVE-2014-1447

nvd
больше 11 лет назад

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

debian логотип

CVE-2014-1447

debian
больше 11 лет назад

Race condition in the virNetServerClientStartKeepAlive function in lib ...

ubuntu логотип

CVE-2013-6458

ubuntu
больше 11 лет назад

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.