Note:
This project will be discontinued after December 13, 2021. [more]
2017-10-31
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Products | Debian_linux, Libvirt |
Type | Improper Certificate Validation (CWE-295) |
First patch | - None (likely due to unavailable code) |
Links |
• https://access.redhat.com/security/cve/CVE-2017-1000256
• http://www.debian.org/security/2017/dsa-4003 • https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html • https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html |