Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:2577
HistoryNov 03, 2016 - 6:07 a.m.

(RHSA-2016:2577) Moderate: libvirt security, bug fix, and enhancement update

2016-11-0306:07:14
access.redhat.com
24

EPSS

0.027

Percentile

90.6%

JSON

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679)

Security Fix(es):

  • It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)

  • A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)

  • It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64libvirt-login-shell< 2.0.0-10.el7libvirt-login-shell-2.0.0-10.el7.ppc64.rpm
RedHat7ppclibvirt-devel< 2.0.0-10.el7libvirt-devel-2.0.0-10.el7.ppc.rpm
RedHat7x86_64libvirt-daemon-driver-interface< 2.0.0-10.el7libvirt-daemon-driver-interface-2.0.0-10.el7.x86_64.rpm
RedHat7ppc64lelibvirt-client< 2.0.0-10.el7libvirt-client-2.0.0-10.el7.ppc64le.rpm
RedHat7ppc64libvirt-daemon-driver-nwfilter< 2.0.0-10.el7libvirt-daemon-driver-nwfilter-2.0.0-10.el7.ppc64.rpm
RedHat7ppc64lelibvirt-daemon-driver-lxc< 2.0.0-10.el7libvirt-daemon-driver-lxc-2.0.0-10.el7.ppc64le.rpm
RedHat7ppc64libvirt-daemon-driver-storage< 2.0.0-10.el7libvirt-daemon-driver-storage-2.0.0-10.el7.ppc64.rpm
RedHat7ppclibvirt-debuginfo< 2.0.0-10.el7libvirt-debuginfo-2.0.0-10.el7.ppc.rpm
RedHat7ppc64libvirt-daemon-config-nwfilter< 2.0.0-10.el7libvirt-daemon-config-nwfilter-2.0.0-10.el7.ppc64.rpm
RedHat7s390libvirt-devel< 2.0.0-10.el7libvirt-devel-2.0.0-10.el7.s390.rpm
Rows per page:
1-10 of 921

Related

nessus 29
oraclelinux 1
openvas 19
centos 1
ibm 2
veracode 3
prion 3
nvd 3
cvelist 3
debiancve 3
ubuntucve 3
cve 3
gentoo 1
freebsd 1
mageia 2
altlinux 1
fedora 4
debian 3
ubuntu 2
osv 15
nessus
nessus
Oracle Linux 7 : libvirt (ELSA-2016-2577)
2016-11-11 00:00:00
CentOS 7 : libvirt (CESA-2016:2577)
2016-11-28 00:00:00
Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)
2016-12-15 00:00:00
oraclelinux
oraclelinux
libvirt security, bug fix, and enhancement update
2016-11-09 00:00:00
openvas
openvas
RedHat Update for libvirt RHSA-2016:2577-02
2016-11-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0923-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0931-1)
2021-06-09 00:00:00
centos
centos
libvirt security update
2016-11-25 15:59:54
ibm
ibm
Security Bulletin: Two vulnerabilities in libvirt affect PowerKVM (CVE-2015-5313, CVE-2016-5008)
2018-06-18 01:33:12
Security Bulletin: A vulnerability in libvirt affects PowerKVM
2018-06-18 01:34:53
veracode
veracode
Information Disclosure
2019-01-15 09:13:55
Directory Traversal
2018-07-20 08:56:18
Authentication Bypass
2019-05-02 05:51:11
prion
prion
Design/Logic Flaw
2018-08-20 21:29:00
Directory traversal
2016-04-11 21:59:00
Authentication flaw
2016-07-13 15:59:00
nvd
nvd
CVE-2015-5160
2018-08-20 21:29:00
CVE-2015-5313
2016-04-11 21:59:04
CVE-2016-5008
2016-07-13 15:59:05
cvelist
cvelist
CVE-2015-5160
2018-08-20 21:00:00
CVE-2015-5313
2016-04-11 21:00:00
CVE-2016-5008
2016-07-13 15:00:00
debiancve
debiancve
CVE-2015-5160
2018-08-20 21:29:00
CVE-2015-5313
2016-04-11 21:59:04
CVE-2016-5008
2016-07-13 15:59:05
ubuntucve
ubuntucve
CVE-2015-5160
2018-08-20 00:00:00
CVE-2015-5313
2015-12-18 00:00:00
CVE-2016-5008
2016-07-13 00:00:00
cve
cve
CVE-2015-5160
2018-08-20 21:29:00
CVE-2015-5313
2016-04-11 21:59:04
CVE-2016-5008
2016-07-13 15:59:05
gentoo
gentoo
libvirt: Directory traversal
2016-12-04 00:00:00
freebsd
freebsd
libvirt -- ACL bypass using ../ to access beyond storage pool
2015-10-30 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2016-03-10 01:57:53
Updated libvirt packages fix security vulnerabilities
2016-07-08 22:50:51
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.3.0-alt1
2015-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: libvirt-1.2.18.2-1.fc23
2015-12-28 23:01:08
[SECURITY] Fedora 22 Update: libvirt-1.2.13.2-1.fc22
2016-01-08 03:35:48
[SECURITY] Fedora 23 Update: libvirt-1.2.18.4-1.fc23
2016-07-27 20:55:52
debian
debian
[SECURITY] [DSA 3613-1] libvirt security update
2016-07-02 07:48:56
[SECURITY] [DSA 3613-1] libvirt security update
2016-07-02 07:48:56
[SECURITY] [DLA 541-1] libvirt security update
2016-07-01 09:07:13
ubuntu
ubuntu
libvirt vulnerabilities
2018-02-20 00:00:00
libvirt vulnerabilities
2016-01-12 00:00:00
osv
osv
CVE-2021-3559
2021-05-24 12:15:07
CVE-2021-3667
2022-03-02 23:15:08
CVE-2019-20485
2020-03-19 02:15:10

EPSS

0.027

Percentile

90.6%

JSON
Related for RHSA-2016:2577
nessus29oraclelinux1openvas19centos1ibm2veracode3prion3nvd3cvelist3debiancve3ubuntucve3cve3gentoo1freebsd1mageia2altlinux1fedora4debian3ubuntu2osv15