libvirt
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc) |
| Version | 1:6.5.0-3 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1240 | 6.5.0-2 | Critical | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-25637 | AVG-1240 | Critical | No | Arbitrary code execution | A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain.... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1232 | 6.5.0-1 | 6.5.0-2 | High | Fixed | FS#67807 |
| AVG-1174 | 5.10.0-1 | 6.3.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-14339 | AVG-1232 | High | No | Privilege escalation | A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged... |
| CVE-2020-10703 | AVG-1174 | High | Yes | Denial of service | A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 22 Sep 2020 | ASA-202009-8 | AVG-1232 | High | privilege escalation |