CVE-2014-0028

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0028 at MITRE

Description

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.

NVD CVSS v2 Base Score: 4.3 (AV:A/AC:M/Au:N/C:P/I:N/A:P)

SUSE information

SUSE Bugzilla entry: 859051

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • libvirt >= 1.1.2-2.18.3
  • libvirt-client >= 1.1.2-2.18.3
  • libvirt-client-32bit >= 1.1.2-2.18.3
  • libvirt-client-debuginfo >= 1.1.2-2.18.3
  • libvirt-client-debuginfo-32bit >= 1.1.2-2.18.3
  • libvirt-daemon >= 1.1.2-2.18.3
  • libvirt-daemon-config-network >= 1.1.2-2.18.3
  • libvirt-daemon-config-nwfilter >= 1.1.2-2.18.3
  • libvirt-daemon-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-interface >= 1.1.2-2.18.3
  • libvirt-daemon-driver-interface-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-libxl >= 1.1.2-2.18.3
  • libvirt-daemon-driver-libxl-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-lxc >= 1.1.2-2.18.3
  • libvirt-daemon-driver-lxc-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-network >= 1.1.2-2.18.3
  • libvirt-daemon-driver-network-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-nodedev >= 1.1.2-2.18.3
  • libvirt-daemon-driver-nodedev-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-nwfilter >= 1.1.2-2.18.3
  • libvirt-daemon-driver-nwfilter-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-qemu >= 1.1.2-2.18.3
  • libvirt-daemon-driver-qemu-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-secret >= 1.1.2-2.18.3
  • libvirt-daemon-driver-secret-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-storage >= 1.1.2-2.18.3
  • libvirt-daemon-driver-storage-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-uml >= 1.1.2-2.18.3
  • libvirt-daemon-driver-uml-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-vbox >= 1.1.2-2.18.3
  • libvirt-daemon-driver-vbox-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-driver-xen >= 1.1.2-2.18.3
  • libvirt-daemon-driver-xen-debuginfo >= 1.1.2-2.18.3
  • libvirt-daemon-lxc >= 1.1.2-2.18.3
  • libvirt-daemon-qemu >= 1.1.2-2.18.3
  • libvirt-daemon-uml >= 1.1.2-2.18.3
  • libvirt-daemon-vbox >= 1.1.2-2.18.3
  • libvirt-daemon-xen >= 1.1.2-2.18.3
  • libvirt-debugsource >= 1.1.2-2.18.3
  • libvirt-devel >= 1.1.2-2.18.3
  • libvirt-devel-32bit >= 1.1.2-2.18.3
  • libvirt-doc >= 1.1.2-2.18.3
  • libvirt-lock-sanlock >= 1.1.2-2.18.3
  • libvirt-lock-sanlock-debuginfo >= 1.1.2-2.18.3
  • libvirt-login-shell >= 1.1.2-2.18.3
  • libvirt-login-shell-debuginfo >= 1.1.2-2.18.3
  • libvirt-python >= 1.1.2-2.18.3
  • libvirt-python-debuginfo >= 1.1.2-2.18.3
Patchnames:
openSUSE-2014-154