CVE-2015-0236
Published: 29 January 2015
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Released
(1.2.2-0ubuntu13.1.16)
|
|
upstream |
Released
(1.2.12)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(1.2.12-0ubuntu14.2)
|
|
wily |
Not vulnerable
(1.2.16-2ubuntu9)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e99c25ca63c695a63b4c9b91ee956be4fb660772 (1.2.2) upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=8107c1e3694ba4685960ec09868076379718f037 (1.2.2) |