Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 10 Mar 2011 15:04:35 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com, Petr Matousek <pmatouse@...hat.com>
Cc: coley@...us.mitre.org
Subject: Re: CVE request: libvirt: several API calls do not
 honour read-only connection



----- Original Message -----
> "It has been found that several libvirt API calls
> (virNodeDeviceDettach,
> virNodeDeviceReset, virDomainRevertToSnapshot,
> virDomainSnapshotDelete) did not
> honour read-only connection. Remote attacker could use this flaw to
> crash the
> host server (DoS)."
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=683650
> 

This should only need one ID.

Please use CVE-2011-1146

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ