USN-2867-1: libvirt vulnerabilities
Ubuntu Security Notice USN-2867-1 12th January, 2016 libvirt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in libvirt. Software description libvirt – Libvirt virtualization toolkit Details It was discovered that libvirt incorrectly handled the firewall rules onbridge networks when the daemon was restarted. This could result in anunintended firewall configuration. This issue only applied to Ubuntu 12.04LTS. (CVE-2011-4600) Peter Krempa discovered that libvirt incorrectly handled locking whencertain ACL checks failed. A local attacker could use this issue to causelibvirt to stop responding, resulting in a denial of service. This issueonly applied to Ubuntu 14.04 LTS. (CVE-2014-8136) Luyao Huang discovered that libvirt incorrectly handled VNC passwords inshapshot and image files. A remote authenticated user could use this issueto possibly obtain VNC [ more… ]