This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in
An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process
A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used
domains. A remote attacker able to establish a read-only connection to
libvirtd could use this flaw to make any domain operations within
libvirt unresponsive (CVE-2014-3657).
The updated libvirt packages have been upgraded to the 18.104.22.168 version
and patched to resolve these security flaws.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : false