Bridged networking with libvirt

Add the following line to /etc/sysconfig/network-scripts/ifcfg-eth0:

BRIDGE=br0

And remove (if present):

BOOTPROTO=dhcp

Create a new file, /etc/sysconfig/network-scripts/ifcfg-br0, with the following contents:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0
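
A read-only check of the two files against the steps above, to run before restarting networking. This is an added example, not part of the original page; the function names ifcfg_get and check_bridge_cfg and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example: confirm the ifcfg files match the bridge steps on this page.
# Function names and arguments are hypothetical; nothing is modified.

# Print the value of KEY from an ifcfg file (last assignment wins, quotes stripped).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# check_bridge_cfg DIR [NIC] [BRIDGE]
# Returns 0 when DIR/ifcfg-NIC and DIR/ifcfg-BRIDGE agree with the steps;
# otherwise prints each problem to stderr and returns 1.
check_bridge_cfg() {
    dir=$1 nic=${2:-eth0} br=${3:-br0} rc=0
    nic_f="$dir/ifcfg-$nic" br_f="$dir/ifcfg-$br"

    [ -f "$nic_f" ] || { echo "missing $nic_f" >&2; return 1; }
    [ -f "$br_f" ]  || { echo "missing $br_f" >&2; return 1; }

    # The physical NIC must be attached to the bridge ...
    [ "$(ifcfg_get "$nic_f" BRIDGE)" = "$br" ] ||
        { echo "$nic_f: BRIDGE=$br not set" >&2; rc=1; }
    # ... and must no longer request its own DHCP lease.
    [ "$(ifcfg_get "$nic_f" BOOTPROTO)" != "dhcp" ] ||
        { echo "$nic_f: BOOTPROTO=dhcp still present" >&2; rc=1; }

    # The bridge file must carry the keys listed above (compared case-sensitively).
    for kv in "DEVICE=$br" TYPE=Bridge BOOTPROTO=dhcp ONBOOT=yes DELAY=0; do
        key=${kv%%=*} want=${kv#*=}
        [ "$(ifcfg_get "$br_f" "$key")" = "$want" ] ||
            { echo "$br_f: expected $kv" >&2; rc=1; }
    done
    return $rc
}

# Usage: check_bridge_cfg /etc/sysconfig/network-scripts && echo "bridge config OK"
```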

CVE-2014-4232

Affected configuration(s):

cpe:/a:oracle:virtualization:4.63
cpe:/a:oracle:virtualization:4.71
cpe:/a:oracle:virtualization:5.0
cpe:/a:oracle:virtualization:5.1
cpe:/a:oracle:virtualization_secure_global_desktop:4.63
cpe:/a:oracle:virtualization_secure_global_desktop:4.71
cpe:/a:oracle:virtualization_secure_global_desktop:5.0
cpe:/a:oracle:virtualization_secure_global_desktop:5.10

Date published: 2014-07-17T01:10:16.780-04:00

Date last modified: 2017-08-28T21:34:54.030-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://seclists.org/fulldisclosure/2014/Dec/23

Summary: Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application, a different vulnerability than CVE-2014-2463.

CVE-2014-9659

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2

Date published: 2015-02-08T06:59:21.633-05:00

Date last modified: 2017-06-30T21:29:10.157-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://code.google.com/p/google-security-research/issues/detail?id=190

Summary: cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

CVE-2014-9660

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:debian:debian_linux:7.0
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2
cpe:/o:redhat:enterprise_linux_desktop:6.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:6
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server_eus:6.6.z
cpe:/o:redhat:enterprise_linux_server_eus:7.1
cpe:/o:redhat:enterprise_linux_workstation:6.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2015-02-08T06:59:22.680-05:00

Date last modified: 2017-06-30T21:29:10.233-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://advisories.mageia.org/MGASA-2015-0083.html

Summary: The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

CVE-2014-9658

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:debian:debian_linux:7.0
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2
cpe:/o:redhat:enterprise_linux_desktop:6.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:6
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server_eus:6.6.z
cpe:/o:redhat:enterprise_linux_server_eus:7.1
cpe:/o:redhat:enterprise_linux_workstation:6.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2015-02-08T06:59:20.647-05:00

Date last modified: 2017-06-30T21:29:10.077-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://advisories.mageia.org/MGASA-2015-0083.html

Summary: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

CVE-2014-9657

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:debian:debian_linux:7.0
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2
cpe:/o:redhat:enterprise_linux_desktop:6.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:6.0
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server_eus:6.6.z
cpe:/o:redhat:enterprise_linux_server_eus:7.1
cpe:/o:redhat:enterprise_linux_workstation:6.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2015-02-08T06:59:19.647-05:00

Date last modified: 2017-06-30T21:29:09.997-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://advisories.mageia.org/MGASA-2015-0083.html

Summary: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

CVE-2014-0447

Affected configuration(s):

cpe:/o:oracle:sunos:5.11.1
cpe:/o:sun:sunos:5.10

Date published: 2014-04-15T20:55:24.060-04:00

Date last modified: 2016-11-22T10:52:17.770-05:00

CVSS Score: 4.9

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Summary: Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.

CVE-2014-9663

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:debian:debian_linux:7.0
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2
cpe:/o:redhat:enterprise_linux_desktop:6.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:6
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server_eus:6.6.z
cpe:/o:redhat:enterprise_linux_server_eus:7.1
cpe:/o:redhat:enterprise_linux_workstation:6.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2015-02-08T06:59:25.490-05:00

Date last modified: 2017-06-30T21:29:10.420-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://advisories.mageia.org/MGASA-2015-0083.html

Summary: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field’s value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

CVE-2014-9666

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:debian:debian_linux:7.0
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2
cpe:/o:redhat:enterprise_linux_desktop:6.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:6
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server_eus:6.6.z
cpe:/o:redhat:enterprise_linux_server_eus:7.1
cpe:/o:redhat:enterprise_linux_workstation:6.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2015-02-08T06:59:28.193-05:00

Date last modified: 2017-06-30T21:29:10.623-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://advisories.mageia.org/MGASA-2015-0083.html

Summary: The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

CVE-2014-9670

Affected configuration(s):

cpe:/a:freetype:freetype:2.5.3
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:debian:debian_linux:7.0
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:oracle:solaris:10.0
cpe:/o:oracle:solaris:11.2
cpe:/o:redhat:enterprise_linux_desktop:6.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_hpc_node:6
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server_eus:6.6.z
cpe:/o:redhat:enterprise_linux_server_eus:7.1
cpe:/o:redhat:enterprise_linux_workstation:6.0
cpe:/o:redhat:enterprise_linux_workstation:7.0

Date published: 2015-02-08T06:59:31.693-05:00

Date last modified: 2017-06-30T21:29:10.890-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://advisories.mageia.org/MGASA-2015-0083.html

Summary: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.