1
PublicDateAtUSN: 2017-10-31
2
Candidate: CVE-2017-1000256
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256
6
https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
7
http://security.libvirt.org/2017/0002.html
8
https://usn.ubuntu.com/usn/usn-3576-1
10
libvirt version 2.3.0 and later is vulnerable to a bad default
11
configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a
12
failure to validate SSL/TLS certificates by default.
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878799
18
Discovered-by: Daniel P. Berrange
23
break-fix: ce61c16450d4992612d1fc6f39a39e79bfccead5 441d3eb6d1be940a67ce45a286602a967601b157
24
upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157
25
upstream_libvirt: released (3.8.0-3)
26
precise/esm_libvirt: not-affected (code not present)
27
trusty_libvirt: not-affected (code not present)
28
vivid/ubuntu-core_libvirt: DNE
29
xenial_libvirt: not-affected (code not present)
30
zesty_libvirt: ignored (reached end-of-life)
31
artful_libvirt: released (3.6.0-1ubuntu6.3)
32
devel_libvirt: not-affected (4.0.0-1ubuntu2)