Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2020-4000

Опубликовано: 06 окт. 2020
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2020-4000: libvirt security and bug fix update (MODERATE)

[4.5.0-36]

  • virDevMapperGetTargetsImpl: Be tolerant to kernels without DM support (rhbz#1823976)
  • virDevMapperGetTargetsImpl: quit early if device is not a devmapper target (rhbz#1823976)

[4.5.0-35]

  • qemu: dont take agent and monitor job for shutdown (CVE-2019-20485)
  • qemu: dont hold a monitor and agent job for reboot (CVE-2019-20485)
  • qemu: dont hold monitor and agent job when setting time (CVE-2019-20485)
  • qemu: remove use of qemuDomainObjBeginJobWithAgent() (CVE-2019-20485)
  • qemu: remove qemuDomainObjBegin/EndJobWithAgent() (CVE-2019-20485)
  • storage: Fix daemon crash on lookup storagepool by targetpath (CVE-2020-10703)

[4.5.0-34]

  • vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1815269)
  • vmx: make 'fileName' optional for CD-ROMs (rhbz#1815269)
  • RHEL: Fix migration on AMD hosts with old QEMU (rhbz#1815572)

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

libvirt

4.5.0-36.el7

libvirt-admin

4.5.0-36.el7

libvirt-bash-completion

4.5.0-36.el7

libvirt-client

4.5.0-36.el7

libvirt-daemon

4.5.0-36.el7

libvirt-daemon-config-network

4.5.0-36.el7

libvirt-daemon-config-nwfilter

4.5.0-36.el7

libvirt-daemon-driver-interface

4.5.0-36.el7

libvirt-daemon-driver-lxc

4.5.0-36.el7

libvirt-daemon-driver-network

4.5.0-36.el7

libvirt-daemon-driver-nodedev

4.5.0-36.el7

libvirt-daemon-driver-nwfilter

4.5.0-36.el7

libvirt-daemon-driver-qemu

4.5.0-36.el7

libvirt-daemon-driver-secret

4.5.0-36.el7

libvirt-daemon-driver-storage

4.5.0-36.el7

libvirt-daemon-driver-storage-core

4.5.0-36.el7

libvirt-daemon-driver-storage-disk

4.5.0-36.el7

libvirt-daemon-driver-storage-gluster

4.5.0-36.el7

libvirt-daemon-driver-storage-iscsi

4.5.0-36.el7

libvirt-daemon-driver-storage-logical

4.5.0-36.el7

libvirt-daemon-driver-storage-mpath

4.5.0-36.el7

libvirt-daemon-driver-storage-rbd

4.5.0-36.el7

libvirt-daemon-driver-storage-scsi

4.5.0-36.el7

libvirt-daemon-kvm

4.5.0-36.el7

libvirt-daemon-lxc

4.5.0-36.el7

libvirt-devel

4.5.0-36.el7

libvirt-docs

4.5.0-36.el7

libvirt-libs

4.5.0-36.el7

libvirt-lock-sanlock

4.5.0-36.el7

libvirt-login-shell

4.5.0-36.el7

libvirt-nss

4.5.0-36.el7

Связанные CVE

CVE-2020-10703
CVE-2019-20485

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2020:4676

rocky
больше 4 лет назад

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

oracle-oval логотип

ELSA-2020-4676

oracle-oval
больше 4 лет назад

ELSA-2020-4676: virt:ol and virt-devel:rhel security, bug fix, and enhancement update (MODERATE)

ubuntu логотип

CVE-2019-20485

CVSS3: 5.7
ubuntu
больше 5 лет назад

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

redhat логотип

CVE-2019-20485

CVSS3: 5.8
redhat
больше 5 лет назад

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

nvd логотип

CVE-2019-20485

CVSS3: 5.7
nvd
больше 5 лет назад

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).