[libvirt-users] Vulnerability in gnuTLS
Daniel P. Berrange
berrange at redhat.com
Thu Jun 12 09:28:06 UTC 2014
On Thu, Jun 12, 2014 at 08:24:42AM +0200, Boehme, Alfred wrote:
> Hello,
>
> There is a vulnerability described in the gnuTLS library which is used in libvirt:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
>
>
> We are using libvirt 0.8.7 on Windows so my question is:
> Is there already a windows version with a newer gnuTLS library
> which has a fix for the mentioned vulnerability?
If you're using libvirt 0.8.7 you've got far more than just the
gnutls vuln to worry about - that's a libvirt more than 3 years
old now. I'd suggest your upgrade everything to something modern.
Any recent libvirt is capable of being built for Windows using
the Mingw64 toolchain. We don't provide official builds ourself
but you can get Fedora Mingw64 packages for libvirt & everything
it depends on.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list