ID CVE-2016-5008
Summary libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:1.3.5
    cpe:2.3:a:redhat:libvirt:1.3.5
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 4.3 (as of 14-07-2016 - 11:57)
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2053-1.NASL
    description This update for libvirt fixes one security issue : - CVE-2016-5008: Empty VNC password disables authentication. (bsc#987527) Additionally, the update includes the following non-security fixes : - Improve waiting for block job readines in virsh. (bsc#989755) - Parse negative values in augeas lenses. (bsc#975729) - Restart daemons in %posttrans after connection drivers have been processed. (bsc#854343, bsc#968483) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93287
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93287
    title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:2053-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1052.NASL
    description According to the version of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication.(CVE-2016-5008) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99897
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99897
    title EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2017-1052)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2577.NASL
    description From Red Hat Security Advisory 2016:2577 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 94700
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94700
    title Oracle Linux 7 : libvirt (ELSA-2016-2577)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2577.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 94540
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94540
    title RHEL 7 : libvirt (RHSA-2016:2577)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1944-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2016-5008: empty VNC password disables authentication (bsc#987527) Bugs fixed : - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed 'make check' failures. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93188
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93188
    title SUSE SLES11 Security Update : libvirt (SUSE-SU-2016:1944-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-875.NASL
    description This update for libvirt fixes the following issue : - CVE-2016-5008: empty VNC password disables authentication (boo#987527)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92353
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92353
    title openSUSE Security Update : libvirt (openSUSE-2016-875)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3613.NASL
    description Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration to 'now'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91924
    published 2016-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91924
    title Debian DSA-3613-1 : libvirt - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-7B7E16A39E.NASL
    description - Rebased to version 1.2.18.4 - CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92591
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92591
    title Fedora 23 : libvirt (2016-7b7e16a39e)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2577.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95324
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95324
    title CentOS 7 : libvirt (CESA-2016:2577)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_LIBVIRT_ON_SL7_X.NASL
    description The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). Security Fix(es) : - It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) - A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95846
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95846
    title Scientific Linux Security Update : libvirt on SL7.x x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3576-1.NASL
    description Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106928
    published 2018-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106928
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvirt vulnerabilities (USN-3576-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1053.NASL
    description According to the version of the libvirt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication.(CVE-2016-5008) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99898
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99898
    title EulerOS 2.0 SP1 : libvirt (EulerOS-SA-2017-1053)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-541.NASL
    description It was discovered that there was a password policy issue in libvirt, a library for interfacing with different virtualization systems. Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behave like that. VNC would happily accept the empty password. We enforce the behavior by setting password expiration to 'now'. For Debian 7 'Wheezy', this issue has been fixed in libvirt version 0.9.12.3-1+deb7u2. We recommend that you upgrade your libvirt packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 91921
    published 2016-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91921
    title Debian DLA-541-1 : libvirt security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-65CC608EBE.NASL
    description - Rebased to version 1.3.3.2 - Fix xen default video device config (bz #1336629) - Don't reject duplicate disk serials (bz #1349895) - Fix LXC cgroup name mismatch (bz #1350139) - Fix managed save/restore with VM USB Keyboard (bz #1353222) - Missing dep on systemd-container (bz #1355784) - CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92533
    published 2016-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92533
    title Fedora 24 : libvirt (2016-65cc608ebe)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-874.NASL
    description This update for libvirt fixes the following issues : - CVE-2016-5008: empty VNC password disables authentication (boo#987527)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92352
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92352
    title openSUSE Security Update : libvirt (openSUSE-2016-874)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-943.NASL
    description This update for libvirt fixes the following issues : - Update to libvirt 1.2.18.4 stable release - Inherit many upstream bug fixes, including CVE-2016-5008 boo#987527. For details, see http://wiki.libvirt.org/page/Maintenance_Releases - virsh: improve waiting for block job readines (boo#989755)
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 92773
    published 2016-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92773
    title openSUSE Security Update : libvirt (openSUSE-2016-943)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2141-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). - CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527). - CVE-2017-5715: Fix speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). Bug fixes : - bsc#980558: Fix NUMA node memory allocation. - bsc#968483: Restart daemons in %posttrans after connection drivers. - bsc#897352: Systemd fails to ignore LSB services. - bsc#956298: virsh domxml-to-native causes segfault of libvirtd. - bsc#964465: libvirtd.service causes systemd warning about xencommons service. - bsc#954872: Script block-dmmd not working as expected. - bsc#854343: libvirt installation run inappropriate systemd restart. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111503
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111503
    title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre)
redhat via4
advisories
bugzilla
id 1377212
title libvirt: SCSI: hostdev / controller host-plug related fixes
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment libvirt is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577037
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391006
    • AND
      • comment libvirt-client is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577017
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391010
    • AND
      • comment libvirt-daemon is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577013
      • comment libvirt-daemon is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914016
    • AND
      • comment libvirt-daemon-config-network is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577021
      • comment libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914008
    • AND
      • comment libvirt-daemon-config-nwfilter is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577033
      • comment libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914022
    • AND
      • comment libvirt-daemon-driver-interface is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577031
      • comment libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914028
    • AND
      • comment libvirt-daemon-driver-lxc is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577029
      • comment libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914026
    • AND
      • comment libvirt-daemon-driver-network is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577005
      • comment libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914010
    • AND
      • comment libvirt-daemon-driver-nodedev is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577025
      • comment libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914020
    • AND
      • comment libvirt-daemon-driver-nwfilter is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577035
      • comment libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914038
    • AND
      • comment libvirt-daemon-driver-qemu is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577039
      • comment libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914040
    • AND
      • comment libvirt-daemon-driver-secret is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577027
      • comment libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914012
    • AND
      • comment libvirt-daemon-driver-storage is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577007
      • comment libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914018
    • AND
      • comment libvirt-daemon-kvm is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577041
      • comment libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914044
    • AND
      • comment libvirt-daemon-lxc is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577019
      • comment libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914030
    • AND
      • comment libvirt-devel is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577009
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391008
    • AND
      • comment libvirt-docs is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577011
      • comment libvirt-docs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914032
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577043
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120748014
    • AND
      • comment libvirt-login-shell is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577015
      • comment libvirt-login-shell is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914014
    • AND
      • comment libvirt-nss is earlier than 0:2.0.0-10.el7
        oval oval:com.redhat.rhsa:tst:20162577023
      • comment libvirt-nss is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162577024
rhsa
id RHSA-2016:2577
released 2016-11-03
severity Moderate
title RHSA-2016:2577: libvirt security, bug fix, and enhancement update (Moderate)
rpms
  • libvirt-0:2.0.0-10.el7
  • libvirt-client-0:2.0.0-10.el7
  • libvirt-daemon-0:2.0.0-10.el7
  • libvirt-daemon-config-network-0:2.0.0-10.el7
  • libvirt-daemon-config-nwfilter-0:2.0.0-10.el7
  • libvirt-daemon-driver-interface-0:2.0.0-10.el7
  • libvirt-daemon-driver-lxc-0:2.0.0-10.el7
  • libvirt-daemon-driver-network-0:2.0.0-10.el7
  • libvirt-daemon-driver-nodedev-0:2.0.0-10.el7
  • libvirt-daemon-driver-nwfilter-0:2.0.0-10.el7
  • libvirt-daemon-driver-qemu-0:2.0.0-10.el7
  • libvirt-daemon-driver-secret-0:2.0.0-10.el7
  • libvirt-daemon-driver-storage-0:2.0.0-10.el7
  • libvirt-daemon-kvm-0:2.0.0-10.el7
  • libvirt-daemon-lxc-0:2.0.0-10.el7
  • libvirt-devel-0:2.0.0-10.el7
  • libvirt-docs-0:2.0.0-10.el7
  • libvirt-lock-sanlock-0:2.0.0-10.el7
  • libvirt-login-shell-0:2.0.0-10.el7
  • libvirt-nss-0:2.0.0-10.el7
refmap via4
bid 91562
confirm
debian DSA-3613
fedora
  • FEDORA-2016-65cc608ebe
  • FEDORA-2016-7b7e16a39e
suse
  • openSUSE-SU-2016:1809
  • openSUSE-SU-2016:1810
  • openSUSE-SU-2016:1975
ubuntu USN-3576-1
Last major update 28-11-2016 - 15:22
Published 13-07-2016 - 11:59
Last modified 15-03-2018 - 21:29
Back to Top