Ubuntu Local Security Checks : Ubuntu Update for libvirt USN-2366-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.841990

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for libvirt USN-2366-1

Resumen: The remote host is missing an update for the 'libvirt'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libvirt'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly
handled XML documents containing XML external entity declarations. An
attacker could use this issue to cause libvirtd to crash, resulting in a
denial of service on all affected releases, or possibly read arbitrary
files if fine grained access control was enabled on Ubuntu 14.04 LTS.
(CVE-2014-0179, CVE-2014-5177)

Luyao Huang discovered that libvirt incorrectly handled certain blkiotune
queries. An attacker could use this issue to cause libvirtd to crash,
resulting in a denial of service. This issue only applied to Ubuntu 12.04
LTS and Ubuntu 14.04 LTS. (CVE-2014-3633)

Affected Software/OS:
libvirt on Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0179
Debian Security Information: DSA-3038 (Google Search)
http://www.debian.org/security/2014/dsa-3038
http://security.gentoo.org/glsa/glsa-201412-04.xml
RedHat Security Advisories: RHSA-2014:0560
http://rhn.redhat.com/errata/RHSA-2014-0560.html
http://secunia.com/advisories/60895
SuSE Security Announcement: openSUSE-SU-2014:0650 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
SuSE Security Announcement: openSUSE-SU-2014:0674 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
http://www.ubuntu.com/usn/USN-2366-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-5177
Common Vulnerability Exposure (CVE) ID: CVE-2014-3633
RedHat Security Advisories: RHSA-2014:1352
http://rhn.redhat.com/errata/RHSA-2014-1352.html
http://secunia.com/advisories/60291
SuSE Security Announcement: openSUSE-SU-2014:1290 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html
SuSE Security Announcement: openSUSE-SU-2014:1293 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.841990
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for libvirt USN-2366-1
Resumen:	The remote host is missing an update for the 'libvirt'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the referenced advisory. Vulnerability Insight: Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu 14.04 LTS. (CVE-2014-0179, CVE-2014-5177) Luyao Huang discovered that libvirt incorrectly handled certain blkiotune queries. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3633) Affected Software/OS: libvirt on Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0179 Debian Security Information: DSA-3038 (Google Search) http://www.debian.org/security/2014/dsa-3038 http://security.gentoo.org/glsa/glsa-201412-04.xml RedHat Security Advisories: RHSA-2014:0560 http://rhn.redhat.com/errata/RHSA-2014-0560.html http://secunia.com/advisories/60895 SuSE Security Announcement: openSUSE-SU-2014:0650 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html SuSE Security Announcement: openSUSE-SU-2014:0674 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html http://www.ubuntu.com/usn/USN-2366-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-5177 Common Vulnerability Exposure (CVE) ID: CVE-2014-3633 RedHat Security Advisories: RHSA-2014:1352 http://rhn.redhat.com/errata/RHSA-2014-1352.html http://secunia.com/advisories/60291 SuSE Security Announcement: openSUSE-SU-2014:1290 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html SuSE Security Announcement: openSUSE-SU-2014:1293 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html
Copyright	Copyright (C) 2014 Greenbone Networks GmbH