[Pkg-libvirt-maintainers] Bug#617773: libvirt: several API calls do not honour read-only connection
Luciano Bello
luciano at debian.org
Fri Mar 11 09:46:28 UTC 2011
Package: libvirt
Tags: security
Hi,
"It has been found that several libvirt API calls (virNodeDeviceDettach,
virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not
honour read-only connection. Remote attacker could use this flaw to crash the
host server (DoS)."
Please use CVE-2011-1146 as a reference to this problem. Can you confirm if this
affects to oldstable or stable?
More info at
https://bugzilla.redhat.com/show_bug.cgi?id=683650
Thanks, luciano
More information about the Pkg-libvirt-maintainers
mailing list