libvirt

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)
Version 1:10.10.0-1 [extra-testing]
1:10.9.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2230 1:7.5.0-1 1:7.6.0-1 Low Fixed
AVG-2124 1:7.3.0-1 Medium Not affected
AVG-1240 1:6.5.0-3 1:7.0.0-1 Critical Fixed
AVG-1232 6.5.0-1 6.5.0-2 High Fixed FS#67807
AVG-1174 5.10.0-1 6.3.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-3667 AVG-2230 Low No Denial of service
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt before version 7.6.0. It occurs in the...
CVE-2021-3631 AVG-2124 Medium No Information disclosure
A security issue was found in libvirt before version 7.5.0 while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one...
CVE-2020-25637 AVG-1240 Critical No Arbitrary code execution
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain....
CVE-2020-14339 AVG-1232 High No Privilege escalation
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged...
CVE-2020-10703 AVG-1174 High Yes Denial of service
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a...

Advisories

Date Advisory Group Severity Type
29 Jan 2021 ASA-202101-42 AVG-1240 Critical arbitrary code execution
22 Sep 2020 ASA-202009-8 AVG-1232 High privilege escalation