Re: [libvirt-users] Vulnerability in gnuTLS
On Thu, Jun 12, 2014 at 08:24:42AM +0200, Boehme, Alfred wrote:
Hello,
There is a vulnerability described in the gnuTLS library which is used in libvirt:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
We are using libvirt 0.8.7 on Windows so my question is:
Is there already a windows version with a newer gnuTLS library
which has a fix for the mentioned vulnerability?
If you're using libvirt 0.8.7 you've got far more than just the
gnutls vuln to worry about - that's a libvirt more than 3 years
old now. I'd suggest your upgrade everything to something modern.
Any recent libvirt is capable of being built for Windows using
the Mingw64 toolchain. We don't provide official builds ourself
but you can get Fedora Mingw64 packages for libvirt & everything
it depends on.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|