libvirt

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)
Version 1:7.1.0-3 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1240 1:6.5.0-3 1:7.0.0-1 Critical Fixed
AVG-1232 6.5.0-1 6.5.0-2 High Fixed FS#67807
AVG-1174 5.10.0-1 6.3.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-25637 AVG-1240 Critical No Arbitrary code execution
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain....
CVE-2020-14339 AVG-1232 High No Privilege escalation
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged...
CVE-2020-10703 AVG-1174 High Yes Denial of service
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a...

Advisories

Date Advisory Group Severity Type
29 Jan 2021 ASA-202101-42 AVG-1240 Critical arbitrary code execution
22 Sep 2020 ASA-202009-8 AVG-1232 High privilege escalation