CVE-2014-3657)Eric Blake discovered that libvirt incorrectly handled permissions whenprocessing the qemuDomainFormatXML command. An attacker with read-onlyprivileges could possibly use this to gain access to certain informationfrom the domain xml file. (CVE-2014-7823)">

Oval Definition:	oval:org.mitre.oval:def:28138
Revision Date: 2015-03-09 Version: 5 Title: USN-2404-1 -- libvirt vulnerabilities Description: Pavel Hrdina discovered that libvirt incorrectly handled locking whenprocessing the virConnectListAllDomains command. An attacker could use thisissue to cause libvirtd to hang, resulting in a denial of service.(CVE-2014-3657)Eric Blake discovered that libvirt incorrectly handled permissions whenprocessing the qemuDomainFormatXML command. An attacker with read-onlyprivileges could possibly use this to gain access to certain informationfrom the domain xml file. (CVE-2014-7823) Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2014-3657 CVE-2014-7823 USN-2404-1 Platform(s): Ubuntu 14.04 Ubuntu 14.10 Product(s): libvirt Definition Synopsis Ubuntu 14.10 release section Ubuntu 14.10 is installed AND Packages match section libvirt0 is earlier than 0:1.2.8-0ubuntu11.1 OR libvirt-bin is earlier than 0:1.2.8-0ubuntu11.1 Ubuntu 14.04 release section Ubuntu 14.04 is installed AND Packages match section libvirt0 is earlier than 0:1.2.2-0ubuntu13.1.7 OR libvirt-bin is earlier than 0:1.2.2-0ubuntu13.1.7
BACK