Miembros de
Boletines de Vulnerabilidades |
DSA-4003 libvirt - security update |
|
Información sobre el sistema |
|
| Software afectado | Debian |
Descripción |
|
|
Daniel P. Berrange reported that Libvirt, a virtualisation abstractionlibrary, does not properly handle the default_tls_x509_verify (andrelated) parameters in qemu.conf when setting up TLS clients and serversin QEMU, resulting in TLS clients for character devices and disk deviceshaving verification turned off and ignoring any errors while validatingthe server certificate. More info: https://www.debian.org/security/2017/dsa-4003 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2017-1000 and DSA-4003. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2017-10-20 |