MGASA-2016-0248

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0248.html

Import Source

https://advisories.mageia.org/MGASA-2016-0248.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0248

Related

CVE-2016-5008

Published

2016-07-08T19:50:51Z

Modified

2016-07-08T19:39:07Z

Summary

Updated libvirt packages fix security vulnerabilities

Details

Updated libvirt packages fix security vulnerability:

Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration to "now" (CVE-2016-5008).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libvirt

Package

Name: libvirt
Purl: pkg:rpm/mageia/libvirt?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.9.3-1.4.mga5

Ecosystem specific

{
    "section": "core"
}