Debian Libvirt vulnerabilities

CVE-2015-0236 [LOW] CVE-2015-0236: libvirt - libvirt before 1.2.12 allow remote authenticated users to obtain the VNC passwor... libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. Scope: local bookworm: resolved (fixed in 1.2.9-8) bullseye: resolved (fixed in 1.2.9-8) forky: resolved (fixed in 1

CVE-2014-3633 [MEDIUM] CVE-2014-3633: libvirt - The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.... The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. Scope: local bookworm: resolved (fixed in 1.2.8-2) bu

CVE-2014-8131 [MEDIUM] CVE-2014-8131: libvirt - The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 ... The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. Scope: local bookworm:

CVE-2014-7823 [MEDIUM] CVE-2014-7823: libvirt - The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only use... The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. Scope: local bookworm: resolved (fixed in 1.2.9-4) bullseye: resolved (fixed in 1.2.9-4) forky: resolved (fixed in 1.2.9-4) sid: resolved (fixed in 1.2.9-4

CVE-2014-0028 [MEDIUM] CVE-2014-0028: libvirt - libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the dom... libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. Scope: local bookworm: resolved (fixed in 1.

CVE-2014-3657 [MEDIUM] CVE-2014-3657: libvirt - The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9... The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. Scope: local bookworm: resolved (fixed in 1.2.9-1) bullseye: resolved (fixed in

CVE-2014-1447 [LOW] CVE-2014-1447: libvirt - Race condition in the virNetServerClientStartKeepAlive function in libvirt befor... Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. Scope: local bookworm: resolved (fixed in 1.2.1-1) bullseye: resolved (fixed in 1.2.1-1) forky: resolved (fixed in 1.2.1-1) sid: resolved (fixed in 1.2.

CVE-2014-5177 [LOW] CVE-2014-5177: libvirt - libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is en... libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePool

CVE-2014-0179 [LOW] CVE-2014-0179: libvirt - libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of... libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT

CVE-2014-8136 [LOW] CVE-2014-8136: libvirt - The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in q... The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.2.9-7) bullseye: resolved (fixed in 1.2.9-7) forky: resolved (fixed in 1.2.9-7) sid: resol

CVE-2014-8135 [LOW] CVE-2014-8135: libvirt - The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.... The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. Scope: local bookworm: resolved (fixed in 1.2.9-7) bullseye: resolved (fixed in 1.2.9-7) fo

CVE-2013-4400 [HIGH] CVE-2013-4400: libvirt - virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite ... virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. Scope: local bookworm: resolved (fixed in 1.1.4-1) bullseye: resolved (fixed in 1.1.4-1) forky: resolved (fixed in 1.1.4-1) sid: resolved (fixed in 1.1.4-1) trixie: resolved (fixed

CVE-2013-4401 [HIGH] CVE-2013-4401: libvirt - The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 chec... The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. Scope: local bookworm: resolved (fixed in 1.1

CVE-2013-4297 [MEDIUM] CVE-2013-4297: libvirt - The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and ea... The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.1.2-2) bullseye: resolved (fixed in 1.1.2-2) forky: resolved (fixed in 1.1.2-2) sid: resolved (fixed in

CVE-2013-5651 [MEDIUM] CVE-2013-5651: libvirt - The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows c... The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. Scope: local bookworm: resolved (fixed in 1.1.2~rc1-1) bullseye: resolved (fixed in 1.1.2~rc1-1) forky: resolved (fixed in 1.

CVE-2013-2230 [MEDIUM] CVE-2013-2230: libvirt - The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authe... The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." Scope: local bookworm: resolved (fixed in 1.1.0-3) bullseye: resolved (fixed in 1.1.0-3) forky: resolved (fixed in 1.1.0-3) sid: resolved (fixed in 1.1.0-3) trixie

CVE-2013-4239 [MEDIUM] CVE-2013-4239: libvirt - The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1... The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. Scope: local bookworm: resolved (fixed in 1.1.2~rc1-1) bullseye: resolved (fixed in 1.1.2~rc1-1) forky: resolved (fixed in 1.

CVE-2013-4153 [MEDIUM] CVE-2013-4153: libvirt - Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c... Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. Scope: local bookworm: resolved (fixed in 1.1.0-4) bullseye: resolved (fixed in 1.1.0-4) forky: resol

CVE-2013-0170 [MEDIUM] CVE-2013-0170: libvirt - Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserv... Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a messag

CVE-2013-6457 [MEDIUM] CVE-2013-6457: libvirt - The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_drive... The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. Scope: local bookworm: resolved (fixed