libvirt: multiple vulnerabilities
| Package(s): | libvirt | CVE #(s): | CVE-2013-4292 CVE-2013-4297 CVE-2013-4399 CVE-2013-4400 | ||||
| Created: | December 9, 2014 | Updated: | December 10, 2014 | ||||
| Description: | From the CVE entries:
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c. (CVE-2013-4292) The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. (CVE-2013-4297) virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. (CVE-2013-4400) Unspecified vulnerability (CVE-2013-4399) | ||||||
| Alerts: |
| ||||||