[Bug 697197] Re: Empty password allows access to VNC in libvirt
Launchpad Bug Tracker
697197 at bugs.launchpad.net
Mon Feb 14 19:04:07 UTC 2011
This bug was fixed in the package qemu-kvm - 0.12.5+noroms-0ubuntu7.2
---------------
qemu-kvm (0.12.5+noroms-0ubuntu7.2) maverick-security; urgency=low
[ Dustin Kirkland ]
* SECURITY UPDATE: Setting VNC password to empty string silently
disables all authentication (LP: #697197).
- debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the
change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson.
- CVE-2011-0011
[ Kees Cook ]
* debian/rules: disable parallel build; fix FTBFS.
-- Kees Cook <kees at ubuntu.com> Fri, 11 Feb 2011 15:52:12 -0800
** Changed in: qemu-kvm (Ubuntu Maverick)
Status: Fix Committed => Fix Released
** Changed in: qemu-kvm (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
More information about the Ubuntu-server-bugs
mailing list