Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2020-5719

Опубликовано: 11 июн. 2020
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2020-5719: libvirt security update (IMPORTANT)

[5.7.0-15.el7]

  • qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815]

[5.7.0-14.el7]

  • vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200]
  • vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200]
  • domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615]
  • cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897]
  • cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897]
  • qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430}

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

libvirt

5.7.0-15.el7

libvirt-admin

5.7.0-15.el7

libvirt-bash-completion

5.7.0-15.el7

libvirt-client

5.7.0-15.el7

libvirt-daemon

5.7.0-15.el7

libvirt-daemon-config-network

5.7.0-15.el7

libvirt-daemon-config-nwfilter

5.7.0-15.el7

libvirt-daemon-driver-interface

5.7.0-15.el7

libvirt-daemon-driver-lxc

5.7.0-15.el7

libvirt-daemon-driver-network

5.7.0-15.el7

libvirt-daemon-driver-nodedev

5.7.0-15.el7

libvirt-daemon-driver-nwfilter

5.7.0-15.el7

libvirt-daemon-driver-qemu

5.7.0-15.el7

libvirt-daemon-driver-secret

5.7.0-15.el7

libvirt-daemon-driver-storage

5.7.0-15.el7

libvirt-daemon-driver-storage-core

5.7.0-15.el7

libvirt-daemon-driver-storage-disk

5.7.0-15.el7

libvirt-daemon-driver-storage-gluster

5.7.0-15.el7

libvirt-daemon-driver-storage-iscsi

5.7.0-15.el7

libvirt-daemon-driver-storage-logical

5.7.0-15.el7

libvirt-daemon-driver-storage-mpath

5.7.0-15.el7

libvirt-daemon-driver-storage-rbd

5.7.0-15.el7

libvirt-daemon-driver-storage-scsi

5.7.0-15.el7

libvirt-daemon-kvm

5.7.0-15.el7

libvirt-daemon-lxc

5.7.0-15.el7

libvirt-daemon-qemu

5.7.0-15.el7

libvirt-devel

5.7.0-15.el7

libvirt-docs

5.7.0-15.el7

libvirt-libs

5.7.0-15.el7

libvirt-lock-sanlock

5.7.0-15.el7

libvirt-login-shell

5.7.0-15.el7

libvirt-nss

5.7.0-15.el7

Oracle Linux x86_64

libvirt

5.7.0-15.el7

libvirt-admin

5.7.0-15.el7

libvirt-bash-completion

5.7.0-15.el7

libvirt-client

5.7.0-15.el7

libvirt-daemon

5.7.0-15.el7

libvirt-daemon-config-network

5.7.0-15.el7

libvirt-daemon-config-nwfilter

5.7.0-15.el7

libvirt-daemon-driver-interface

5.7.0-15.el7

libvirt-daemon-driver-lxc

5.7.0-15.el7

libvirt-daemon-driver-network

5.7.0-15.el7

libvirt-daemon-driver-nodedev

5.7.0-15.el7

libvirt-daemon-driver-nwfilter

5.7.0-15.el7

libvirt-daemon-driver-qemu

5.7.0-15.el7

libvirt-daemon-driver-secret

5.7.0-15.el7

libvirt-daemon-driver-storage

5.7.0-15.el7

libvirt-daemon-driver-storage-core

5.7.0-15.el7

libvirt-daemon-driver-storage-disk

5.7.0-15.el7

libvirt-daemon-driver-storage-gluster

5.7.0-15.el7

libvirt-daemon-driver-storage-iscsi

5.7.0-15.el7

libvirt-daemon-driver-storage-logical

5.7.0-15.el7

libvirt-daemon-driver-storage-mpath

5.7.0-15.el7

libvirt-daemon-driver-storage-rbd

5.7.0-15.el7

libvirt-daemon-driver-storage-scsi

5.7.0-15.el7

libvirt-daemon-kvm

5.7.0-15.el7

libvirt-daemon-lxc

5.7.0-15.el7

libvirt-daemon-qemu

5.7.0-15.el7

libvirt-devel

5.7.0-15.el7

libvirt-docs

5.7.0-15.el7

libvirt-libs

5.7.0-15.el7

libvirt-lock-sanlock

5.7.0-15.el7

libvirt-login-shell

5.7.0-15.el7

libvirt-nss

5.7.0-15.el7

Связанные CVE

CVE-2020-12430

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2020-12430

CVSS3: 6.5
ubuntu
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

redhat логотип

CVE-2020-12430

CVSS3: 6.5
redhat
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

nvd логотип

CVE-2020-12430

CVSS3: 6.5
nvd
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

debian логотип

CVE-2020-12430

CVSS3: 6.5
debian
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...

github логотип

GHSA-mm94-82mx-j73h

CVSS3: 6.5
github
больше 3 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.