Описание
Security update for libvirt
This update for libvirt fixes the following issue:
- CVE-2016-5008: empty VNC password disables authentication (boo#987527)
Список пакетов
openSUSE Leap 42.1
libvirt-1.2.18.2-11.1
libvirt-client-1.2.18.2-11.1
libvirt-client-32bit-1.2.18.2-11.1
libvirt-daemon-1.2.18.2-11.1
libvirt-daemon-config-network-1.2.18.2-11.1
libvirt-daemon-config-nwfilter-1.2.18.2-11.1
libvirt-daemon-driver-interface-1.2.18.2-11.1
libvirt-daemon-driver-libxl-1.2.18.2-11.1
libvirt-daemon-driver-lxc-1.2.18.2-11.1
libvirt-daemon-driver-network-1.2.18.2-11.1
libvirt-daemon-driver-nodedev-1.2.18.2-11.1
libvirt-daemon-driver-nwfilter-1.2.18.2-11.1
libvirt-daemon-driver-qemu-1.2.18.2-11.1
libvirt-daemon-driver-secret-1.2.18.2-11.1
libvirt-daemon-driver-storage-1.2.18.2-11.1
libvirt-daemon-driver-uml-1.2.18.2-11.1
libvirt-daemon-driver-vbox-1.2.18.2-11.1
libvirt-daemon-lxc-1.2.18.2-11.1
libvirt-daemon-qemu-1.2.18.2-11.1
libvirt-daemon-uml-1.2.18.2-11.1
libvirt-daemon-vbox-1.2.18.2-11.1
libvirt-daemon-xen-1.2.18.2-11.1
libvirt-devel-1.2.18.2-11.1
libvirt-devel-32bit-1.2.18.2-11.1
libvirt-doc-1.2.18.2-11.1
libvirt-lock-sanlock-1.2.18.2-11.1
libvirt-login-shell-1.2.18.2-11.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1810-1
- SUSE Security Ratings
Описание
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Затронутые продукты
openSUSE Leap 42.1:libvirt-1.2.18.2-11.1
openSUSE Leap 42.1:libvirt-client-1.2.18.2-11.1
openSUSE Leap 42.1:libvirt-client-32bit-1.2.18.2-11.1
openSUSE Leap 42.1:libvirt-daemon-1.2.18.2-11.1
Ссылки
- CVE-2016-5008
- SUSE Bug 987527