Mandriva Linux Security Advisory : libvirt (MDVSA-2014:195)
Medium Nessus Plugin ID 78062
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in libvirt :
An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657).
The updated libvirt packages have been upgraded to the 126.96.36.199 version and patched to resolve these security flaws.
SolutionUpdate the affected packages.