Описание
Security update for libvirt
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2016-5008: empty VNC password disables authentication (bsc#987527)
Bugs fixed:
- bsc#970906: Fixed a race condition in xenstore event handling.
- bsc#952889: Change hap setting to align with Xen behavior.
- Fixed 'make check' failures.
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libvirt-1.2.5-15.3
libvirt-client-1.2.5-15.3
libvirt-client-32bit-1.2.5-15.3
libvirt-doc-1.2.5-15.3
libvirt-lock-sanlock-1.2.5-15.3
perl-Sys-Virt-1.2.5-4.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libvirt-1.2.5-15.3
libvirt-client-1.2.5-15.3
libvirt-client-32bit-1.2.5-15.3
libvirt-doc-1.2.5-15.3
libvirt-lock-sanlock-1.2.5-15.3
perl-Sys-Virt-1.2.5-4.2
SUSE Linux Enterprise Software Development Kit 11 SP4
libvirt-devel-1.2.5-15.3
libvirt-devel-32bit-1.2.5-15.3
Ссылки
- Link for SUSE-SU-2016:1944-1
- E-Mail link for SUSE-SU-2016:1944-1
- SUSE Security Ratings
- SUSE Bug 952889
- SUSE Bug 970906
- SUSE Bug 987527
- SUSE CVE CVE-2016-5008 page
Описание
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvirt-1.2.5-15.3
SUSE Linux Enterprise Server 11 SP4:libvirt-client-1.2.5-15.3
SUSE Linux Enterprise Server 11 SP4:libvirt-client-32bit-1.2.5-15.3
SUSE Linux Enterprise Server 11 SP4:libvirt-doc-1.2.5-15.3
Ссылки
- CVE-2016-5008
- SUSE Bug 987527