oss-sec mailing list archives
CVE request: libvirt when compiled with openvz support has a potential security hole
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 7 Dec 2010 17:21:37 -0700
We were notified of a fix to upstream libvirt that plugs a potential security hole (buffer overflow) via the OpenVZ support in libvirt. Red Hat and Fedora do not ship libvirt with OpenVZ support enabled; I'm not sure if other vendors do or not. The patch was posted publicly today, and although it's a low impact issue, probably needs a CVE name. https://www.redhat.com/archives/libvir-list/2010-December/msg00348.html Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: libvirt when compiled with openvz support has a potential security hole Vincent Danen (Dec 07)
- Re: CVE request: libvirt when compiled with openvz support has a potential security hole Eugene Teo (Dec 07)
- Re: CVE request: libvirt when compiled with openvz support has a potential security hole Vincent Danen (Dec 08)
- Re: CVE request: libvirt when compiled with openvz support has a potential security hole Eugene Teo (Dec 07)