[Bug 697197] Re: Empty password allows access to VNC in libvirt

Launchpad Bug Tracker Mon, 14 Feb 2011 11:11:51 -0800

This bug was fixed in the package qemu-kvm - 0.12.5+noroms-0ubuntu7.2

---------------
qemu-kvm (0.12.5+noroms-0ubuntu7.2) maverick-security; urgency=low


  [ Dustin Kirkland ]
  * SECURITY UPDATE: Setting VNC password to empty string silently
    disables all authentication (LP: #697197).
    - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the
      change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson.
    - CVE-2011-0011

  [ Kees Cook ]
  * debian/rules: disable parallel build; fix FTBFS.
 -- Kees Cook <k...@ubuntu.com>   Fri, 11 Feb 2011 15:52:12 -0800

** Changed in: qemu-kvm (Ubuntu Maverick)
       Status: Fix Committed => Fix Released

** Changed in: qemu-kvm (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
https://bugs.launchpad.net/bugs/697197

Title:
  Empty password allows access to VNC in libvirt

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 697197] Re: Empty password allows access to VNC in libvirt

Reply via email to