libvirt-2.0.0-10.el7
Errata ID: AXSA:2016-880:04
Release date:
2016/11/09 Wednesday - 17:55
Title:
libvirt-2.0.0-10.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
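The following issues have been addressed.
[Security Fix]
- The virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt has a directory traversal vulnerability when fine-grained ACLs are in effect, which allows local users with the storage_vol:create ACL but not the domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. (CVE-2015-5313)
- When the password on a VNC server was set to an empty string, libvirt improperly disabled password checking. This allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. (CVE-2016-5008)
- When using RADOS Block Device (RBD), libvirt includes Ceph credentials on the qemu command line, which allows local users to obtain sensitive information via a process listing. (CVE-2015-5160)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.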
CVE:
CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
CVE-2015-5313
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
CVE-2016-5008
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
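A configuration audit for the CVE-2016-5008 condition, added here as an example and not taken from this advisory or from libvirt: it flags VNC displays whose domain XML sets `passwd=''` and notes whether they listen beyond loopback. The sample definitions, guest names and status labels are constructed, and the input is assumed to be domain XML dumped with security info included.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions (not from the advisory). The passwd attribute
# only appears in output that includes security info, e.g.
# `virsh dumpxml --security-info <domain>`.
SAMPLES = [
    "<domain><name>guest-a</name><devices>"
    "<graphics type='vnc' port='5901' listen='0.0.0.0' passwd=''/>"
    "</devices></domain>",
    "<domain><name>guest-b</name><devices>"
    "<graphics type='vnc' port='-1' passwd='constructed-value'>"
    "<listen type='address' address='127.0.0.1'/></graphics>"
    "</devices></domain>",
    "<domain><name>guest-c</name><devices>"
    "<graphics type='spice' autoport='yes' passwd=''/>"
    "<graphics type='vnc' autoport='yes'/>"
    "</devices></domain>",
]

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_domain(domain_xml):
    """Return one (name, status, listen, remote) tuple per VNC display."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="(unnamed)")
    results = []
    for gfx in root.iterfind("./devices/graphics"):
        if gfx.get("type") != "vnc":
            continue  # CVE-2016-5008 is described for VNC only
        listen = gfx.get("listen")          # legacy attribute form
        child = gfx.find("listen")          # <listen address='...'/> form
        if listen is None and child is not None:
            listen = child.get("address")
        passwd = gfx.get("passwd")
        if passwd is None:
            status = "no-passwd-attribute"  # nothing set in this definition
        elif passwd == "":
            status = "empty-passwd"         # the condition the CVE describes
        else:
            status = "passwd-set"
        remote = listen is not None and listen not in LOOPBACK
        results.append((name, status, listen, remote))
    return results

def empty_password_guests(definitions):
    """Names of guests with a VNC display configured with passwd=''."""
    return sorted({r[0] for xml in definitions for r in audit_domain(xml)
                   if r[1] == "empty-passwd"})
```

Guests reported by `empty_password_guests` are the ones to review first on hosts that have not yet received the updated packages.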
Additional information:
N/A
Downloads:
SRPMS
- libvirt-2.0.0-10.el7.src.rpm
Size: 13.09 MB
Asianux Server 7 for x86_64
- libvirt-2.0.0-10.el7.x86_64.rpm
Size: 135.18 kB
- libvirt-client-2.0.0-10.el7.x86_64.rpm
Size: 4.32 MB
- libvirt-daemon-2.0.0-10.el7.x86_64.rpm
Size: 717.62 kB
- libvirt-daemon-config-network-2.0.0-10.el7.x86_64.rpm
Size: 136.30 kB
- libvirt-daemon-config-nwfilter-2.0.0-10.el7.x86_64.rpm
Size: 138.72 kB
- libvirt-daemon-driver-interface-2.0.0-10.el7.x86_64.rpm
Size: 178.92 kB
- libvirt-daemon-driver-lxc-2.0.0-10.el7.x86_64.rpm
Size: 800.07 kB
- libvirt-daemon-driver-network-2.0.0-10.el7.x86_64.rpm
Size: 333.99 kB
- libvirt-daemon-driver-nodedev-2.0.0-10.el7.x86_64.rpm
Size: 178.09 kB
- libvirt-daemon-driver-nwfilter-2.0.0-10.el7.x86_64.rpm
Size: 202.10 kB
- libvirt-daemon-driver-qemu-2.0.0-10.el7.x86_64.rpm
Size: 610.92 kB
- libvirt-daemon-driver-secret-2.0.0-10.el7.x86_64.rpm
Size: 168.45 kB
- libvirt-daemon-driver-storage-2.0.0-10.el7.x86_64.rpm
Size: 372.28 kB
- libvirt-daemon-kvm-2.0.0-10.el7.x86_64.rpm
Size: 134.45 kB
- libvirt-devel-2.0.0-10.el7.x86_64.rpm
Size: 281.27 kB
- libvirt-docs-2.0.0-10.el7.x86_64.rpm
Size: 3.74 MB
- libvirt-client-2.0.0-10.el7.i686.rpm
Size: 4.29 MB
- libvirt-devel-2.0.0-10.el7.i686.rpm
Size: 281.29 kB