libvirt

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)
Version	1:8.8.0-1 [community-testing] 1:8.7.0-1 [community]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2230	1:7.5.0-1	1:7.6.0-1	Low	Fixed
AVG-2124	1:7.3.0-1		Medium	Not affected
AVG-1240	1:6.5.0-3	1:7.0.0-1	Critical	Fixed
AVG-1232	6.5.0-1	6.5.0-2	High	Fixed	FS#67807
AVG-1174	5.10.0-1	6.3.0-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-3667	AVG-2230	Low	No	Denial of service	An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt before version 7.6.0. It occurs in the...
CVE-2021-3631	AVG-2124	Medium	No	Information disclosure	A security issue was found in libvirt before version 7.5.0 while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one...
CVE-2020-25637	AVG-1240	Critical	No	Arbitrary code execution	A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain....
CVE-2020-14339	AVG-1232	High	No	Privilege escalation	A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged...
CVE-2020-10703	AVG-1174	High	Yes	Denial of service	A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a...

Advisories

Date	Advisory	Group	Severity	Type
29 Jan 2021	ASA-202101-42	AVG-1240	Critical	arbitrary code execution
22 Sep 2020	ASA-202009-8	AVG-1232	High	privilege escalation