Ubuntu security notices
USN-3576-1: libvirt vulnerabilities
USN-3576-1: libvirt vulnerabilities Ubuntu Security Notice USN-3576-1 20th February, 2018 libvirt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libvirt. Software description libvirt – Libvirt virtualization toolkit Details Vivian Zhang and Christoph Anton Mitterer discovered that libvirtincorrectly disabled password authentication when the VNC password was setto an empty string. A remote attacker could possibly use this issue tobypass authentication, contrary to expectations. This issue only affectedUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validatingSSL/TLS certificates. A remote attacker could possibly use this issue toobtain sensitive information. This issue only affected Ubuntu 17.10.(CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectlyhandled large QEMU replies. An attacker could possibly use this issue tocause [ more… ]