PublicDateAtUSN: 2015-01-29
Candidate: CVE-2015-0236
PublicDate: 2015-01-29 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236
 http://security.libvirt.org/2015/0001.html
 https://ubuntu.com/security/notices/USN-2867-1
Description:
 libvirt before 1.2.12 allow remote authenticated users to obtain the VNC
 password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1)
 snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the
 virDomainSaveImageGetXMLDesc interface.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065
Priority: low
Discovered-by: Luyao Huang
Assigned-to: mdeslaur
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e99c25ca63c695a63b4c9b91ee956be4fb660772 (1.2.2)
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=8107c1e3694ba4685960ec09868076379718f037 (1.2.2)
upstream_libvirt: released (1.2.12)
lucid_libvirt: ignored (reached end-of-life)
precise_libvirt: not-affected (code not present)
trusty_libvirt: released (1.2.2-0ubuntu13.1.16)
trusty/esm_libvirt: released (1.2.2-0ubuntu13.1.16)
utopic_libvirt: ignored (reached end-of-life)
vivid_libvirt: not-affected (1.2.12-0ubuntu14.2)
wily_libvirt: not-affected (1.2.16-2ubuntu9)
devel_libvirt: not-affected (1.2.16-2ubuntu9)