On Fri, Mar 11, 2011 at 06:46:28AM -0300, Luciano Bello wrote:
> Package: libvirt
> Tags: security
>
> Hi,
> "It has been found that several libvirt API calls (virNodeDeviceDettach,
> virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did
> not honour read-only connection. Remote attacker could use this flaw to
> crash the host server (DoS)."
>
> Please use CVE-2011-1146 as a reference to this problem. Can you confirm if
> this affects oldstable or stable?
>
> More info at
> https://bugzilla.redhat.com/show_bug.cgi?id=683650

Stable has:

    virNodeDeviceDettach
    virNodeDeviceReset
    virDomainRevertToSnapshot
    virDomainSnapshotDelete

lacking checks for RO connections. Oldstable has none of these functions
since the APIs were added later.

Cheers,
 -- Guido

