Description
It was found that QEMU's qemuDomainMigratePerform() and
qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock
on a failed ACL check. A remote attacker able to establish a connection to
libvirtd could use this flaw to lock a domain of a more privileged user, causing
a denial of service. (CVE-2014-8136)

It was discovered that the virDomainSnapshotGetXMLDesc() and
virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of
the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote
attacker able to establish a connection to libvirtd could use this flaw to
obtain certain sensitive information from the domain XML file. (CVE-2015-0236)
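
The unlock-on-failed-ACL-check pattern described for CVE-2014-8136, as an added illustration in C that is not libvirt's code. The names struct domain, acl_allows, migrate_perform_leaky and migrate_perform_fixed are hypothetical, and an atomic flag stands in for the real per-domain lock.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a per-domain object and its lock. */
struct domain {
    atomic_flag lock;   /* set while an API call holds the domain */
    int owner_uid;      /* only this uid passes the ACL check */
};

static void domain_init(struct domain *d, int owner_uid) {
    atomic_flag_clear(&d->lock);
    d->owner_uid = owner_uid;
}

/* Non-blocking lock: true if acquired, false if already held. */
static bool domain_trylock(struct domain *d) { return !atomic_flag_test_and_set(&d->lock); }
static void domain_unlock(struct domain *d) { atomic_flag_clear(&d->lock); }

static bool acl_allows(const struct domain *d, int caller_uid) {
    return caller_uid == d->owner_uid;
}

/* Flawed pattern: the ACL failure path returns with the lock still held. */
static int migrate_perform_leaky(struct domain *d, int caller_uid) {
    if (!domain_trylock(d)) return -2;            /* domain busy */
    if (!acl_allows(d, caller_uid)) return -1;    /* BUG: no unlock */
    /* ... privileged work would happen here ... */
    domain_unlock(d);
    return 0;
}

/* Corrected pattern: every exit after the lock goes through cleanup. */
static int migrate_perform_fixed(struct domain *d, int caller_uid) {
    int ret = -1;
    if (!domain_trylock(d)) return -2;            /* domain busy */
    if (!acl_allows(d, caller_uid)) goto cleanup; /* denied, still unlocks */
    ret = 0;
cleanup:
    domain_unlock(d);
    return ret;
}

int main(void) {
    struct domain a, b;
    domain_init(&a, 0); domain_init(&b, 0);
    migrate_perform_leaky(&a, 1000);   /* denied caller (constructed uid) */
    migrate_perform_fixed(&b, 1000);
    printf("leaky: owner call -> %d\n", migrate_perform_leaky(&a, 0));
    printf("fixed: owner call -> %d\n", migrate_perform_fixed(&b, 0));
    return 0;
}
```

After a denied call, the owner's request on the leaky path reports the domain as busy, while the corrected path leaves it usable.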