MGASA-2016-0248

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2016-5008

Published: 08 Jul 2016, 19:50

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Jul 2016, 19:50

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated libvirt packages fix security vulnerabilities Updated libvirt packages fix security vulnerability: Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration to "now" (CVE-2016-5008).

Affected Systems

mageia•libvirt
< 1.2.9.3-1.4.mga5

MGASA-2016-0248

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)