CVE-2015-0236

Priority
Description
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC
password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1)
snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the
virDomainSaveImageGetXMLDesc interface.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.2.12)
Ubuntu 14.04 ESM (Trusty Tahr):released (1.2.2-0ubuntu13.1.16)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.2.16-2ubuntu9)
Patches:
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=e99c25ca63c695a63b4c9b91ee956be4fb660772 (1.2.2)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=8107c1e3694ba4685960ec09868076379718f037 (1.2.2)
More Information

Updated: 2019-12-05 18:39:19 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)