http://www.mandriva.com/en/
______________________________
Package : libvirt
Date : February 6, 2015
Affected: Business Server 1.0
______________________________
Problem Description:
Updated libvirt packages fix security vulnerability:
The XML getters for for save images and snapshots objects don't
check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump
security sensitive information. A remote attacker able to establish
a connection to libvirtd could use this flaw to cause leak certain
limited information from the domain xml file (CVE-2015-0236).
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://advisories.mageia.org/
______________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
7471b6cc890804ab61d482c4135296
f48e57a66d2696b303a8b12f0916f3
27773ed63dd0adf3bfe87edc401317
8ecd5e974dc40295551f875218346e
73de0fabcedd68a012ea7e0e1a21e7
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Komentarų nėra:
Rašyti komentarą