MiracleLinux 4 : libvirt-0.10.2-29.5.0.1.AXS4 (AXSA:2014-076:01)

critical Nessus Plugin ID 289123

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-076:01 advisory.

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.
Security issues fixed with this release:
CVE-2013-6458 Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
CVE-2014-1447 Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
Fixed bugs:
Previously, the VLAN tag for a hostdev-based network was not set properly in the hardware device. This has been fixed and VLAN tags set in the network definition are now transferred to devices as they are assigned to guests.
A previous fix left cases where locks were not cleaned up. This could make libvirtd crash when migrating to a file. This has been fixed.
Made the libvirt-guests init script LSB compliant so that scripts relying on the service status run as expected.
Previously, the virDomainDeviceUpdateFlags() function in libvirt allowed some configuration to be updated on a running domain, but a missing implementation prevented the QoS from being changed when updating the Network Interface Controller. This has been fixed.
Previously, libvirt sometimes failed to detect that a domain had already been started, so when two clients tried to start the same transient domain, more than one QEMU process could run for the same domain. This has been fixed and only one QEMU process will run for the same domain.
Fixed a regression in event de-registration that triggered the following error message:
Error libvirt: XML-RPC error : internal error: domain event 0 not registered
Previously, the libvirt Python bindings did not distinguish between a block job status returning an error and no status available. This led to a Python exception. This bug has been fixed and bindings are now more reliable when managing block jobs.
Fixed a race condition leading to a crash when two threads were working over the same domain. This has been fixed.
Previously, if no SCSI controller model, or no controller at all, was specified, libvirt failed to find a suitable SCSI controller. This has been fixed: libvirt now checks virtio-scsi when searching for a suitable model.
Fixed a race condition between a thread starting a virtual machine with a guest agent configured and a thread that was killing the VM process (or the process crashing).
Added a check for transient domains to prevent some applications from taking an incorrect action when a guest had been migrated but before its removal.
Changed the default for forwardPlainNames to Yes.
libvirt now only prevents the forwarding of DNS requests for unqualified names.
The sanlock daemon's limit of 48 characters on the lock owner name prevented domains with names longer than 48 characters from starting. This has been fixed: libvirt now truncates the domain name if needed when sending it to sanlock.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/4510

Plugin Details

Severity: Critical

ID: 289123

File Name: miracle_linux_AXSA-2014-076.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-6458

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2014-1447

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:libvirt, p-cpe:/a:miracle:linux:libvirt-client, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:libvirt-devel, p-cpe:/a:miracle:linux:libvirt-python

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 12/13/2013

Reference Information

CVE: CVE-2013-6458, CVE-2014-1447