libvirt

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)
Version 1:6.5.0-3 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1240 6.5.0-2 Critical Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-25637 AVG-1240 Critical No Arbitrary code execution
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain....

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1232 6.5.0-1 6.5.0-2 High Fixed FS#67807
AVG-1174 5.10.0-1 6.3.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-14339 AVG-1232 High No Privilege escalation
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged...
CVE-2020-10703 AVG-1174 High Yes Denial of service
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a...

Advisories

Date Advisory Group Severity Description
22 Sep 2020 ASA-202009-8 AVG-1232 High privilege escalation