Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for libvirt CESA-2012:1202 centos6

Information

Severity

Severity

Low

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

3.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

4 years ago

Summary

The remote host is missing an update for the 'libvirt' package(s) announced via the referenced advisory.

Insight

Insight

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially-crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash. (CVE-2012-3445) This update also fixes the following bugs: * Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirt daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected. (BZ#847946) * Previously, when certain system locales were used by the system, libvirt could issue incorrect commands to the hypervisor. This bug has been fixed and the libvirt library and daemon are no longer affected by the choice of the user locale. (BZ#847959) All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.

Affected Software

Affected Software

libvirt on CentOS 6

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)