Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-0236

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Related bugs and status

CVE-2015-0236 (Candidate) is related to these bugs:

Bug #1534262: Outdated (vulnerable) libvirt package in MOS 6.0

		In	Importance	Status
1534262	Outdated (vulnerable) libvirt package in MOS 6.0	Mirantis OpenStack	High	Fix Released
1534262	Outdated (vulnerable) libvirt package in MOS 6.0	Mirantis OpenStack 7.0.x	High	Fix Released
1534262	Outdated (vulnerable) libvirt package in MOS 6.0	Mirantis OpenStack 6.1.x	High	Fix Released
1534262	Outdated (vulnerable) libvirt package in MOS 6.0	Mirantis OpenStack 5.1.x	High	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.mandriva.co...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://advisories.mage...
MISC: http://security.libvir...
MISC: http://lists.opensuse....