{"id":"USN-2867-1","summary":"libvirt vulnerabilities","details":"It was discovered that libvirt incorrectly handled the firewall rules on\nbridge networks when the daemon was restarted. This could result in an\nunintended firewall configuration. This issue only applied to Ubuntu 12.04\nLTS. (CVE-2011-4600)\n\nPeter Krempa discovered that libvirt incorrectly handled locking when\ncertain ACL checks failed. A local attacker could use this issue to cause\nlibvirt to stop responding, resulting in a denial of service. This issue\nonly applied to Ubuntu 14.04 LTS. (CVE-2014-8136)\n\nLuyao Huang discovered that libvirt incorrectly handled VNC passwords in\nsnapshot and image files. A remote authenticated user could use this issue\nto possibly obtain VNC passwords. This issue only affected Ubuntu 14.04\nLTS. (CVE-2015-0236)\n\nHan Han discovered that libvirt incorrectly handled volume creation\nfailure when used with NFS. A remote authenticated user could use this\nissue to cause libvirt to crash, resulting in a denial of service. This\nissue only applied to Ubuntu 15.10. (CVE-2015-5247)\n\nOssi Herrala and Joonas Kuorilehto discovered that libvirt incorrectly\nperformed storage pool name validation. A remote authenticated user could\nuse this issue to bypass ACLs and gain access to unintended files. 
This\nissue only applied to Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10.\n(CVE-2015-5313)\n","modified":"2026-04-22T09:20:26.697451Z","published":"2016-01-12T18:06:25Z","related":["UBUNTU-CVE-2014-8136","UBUNTU-CVE-2015-0236","UBUNTU-CVE-2015-5313"],"upstream":["CVE-2011-4600","CVE-2014-8136","CVE-2015-0236","CVE-2015-5313","UBUNTU-CVE-2011-4600","UBUNTU-CVE-2014-8136","UBUNTU-CVE-2015-0236","UBUNTU-CVE-2015-5247","UBUNTU-CVE-2015-5313"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2867-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2011-4600"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-8136"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0236"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5247"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5313"}],"affected":[{"package":{"name":"libvirt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libvirt@1.2.2-0ubuntu13.1.16?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.2-0ubuntu13.1.16"}]}],"versions":["1.1.1-0ubuntu8","1.1.1-0ubuntu9","1.1.4-0ubuntu2","1.1.4-0ubuntu3","1.1.4-0ubuntu4","1.1.4-0ubuntu5","1.2.0-0ubuntu1","1.2.0-0ubuntu2","1.2.0-0ubuntu3","1.2.1-0ubuntu1","1.2.1-0ubuntu2","1.2.1-0ubuntu3","1.2.1-0ubuntu4","1.2.1-0ubuntu5","1.2.1-0ubuntu7","1.2.1-0ubuntu8","1.2.1-0ubuntu9","1.2.1-0ubuntu10","1.2.2-0ubuntu1","1.2.2-0ubuntu2","1.2.2-0ubuntu3","1.2.2-0ubuntu4","1.2.2-0ubuntu5","1.2.2-0ubuntu6","1.2.2-0ubuntu7","1.2.2-0ubuntu8","1.2.2-0ubuntu9","1.2.2-0ubuntu10","1.2.2-0ubuntu11","1.2.2-0ubuntu12","1.2.2-0ubuntu13","1.2.2-0ubuntu13.1","1.2.2-0ubuntu13.1.1","1.2.2-0ubuntu13.1.2","1.2.2-0ubuntu13.1.4","1.2.2-0ubuntu13.1.5","1.2.2-0ubuntu13.1.6","1.2.2-0ubuntu13.1.7","1.2.2-0ubuntu13.1.8","1.2.2-0ubuntu13.1.9","1.2.2-0ubuntu13.1.10","1.2.2-0ubuntu13.1.12","1.2.2-0ubuntu13.1.14"],"ecosystem_specific":{"binaries":[{"binary_name":"libvirt-bin","bin
ary_version":"1.2.2-0ubuntu13.1.16"},{"binary_name":"libvirt0","binary_version":"1.2.2-0ubuntu13.1.16"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2867-1.json","cves_map":{"cves":[{"id":"CVE-2014-8136","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-0236","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-5313","severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}