Description
ELSA-2020-5961: libvirt security update (IMPORTANT)
[5.7.0-21.el7]
- exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856]
- Revert 'qemu: dont take agent and monitor job for shutdown' (Menno Lageman) [Orabug: 32080283]
- Revert 'qemu: dont hold a monitor and agent job for reboot' (Menno Lageman) [Orabug: 32080283]
- Revert 'qemu: dont hold monitor and agent job when setting time' (Menno Lageman) [Orabug: 32080283]
- Revert 'qemu: remove use of qemuDomainObjBeginJobWithAgent()' (Menno Lageman) [Orabug: 32080283]
- qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111]
- qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking. (Wim ten Have)
- qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203]
- qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696]
- domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162]
- domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162]
[5.7.0-20.el7]
- qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485}
- qemu: dont hold monitor and agent job when setting time (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485}
- qemu: dont hold a monitor and agent job for reboot (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485}
- qemu: dont take agent and monitor job for shutdown (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485}
- qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
- qemu: blockcopy: Fix conditions when virStorageSource should be initialized (Peter Krempa) [Orabug: 31517934]
- qemu: blockcopy: Report error on image format detection failure (Peter Krempa) [Orabug: 31517934]
Updated packages
Oracle Linux 7
Oracle Linux aarch64
libvirt  5.7.0-21.el7
libvirt-admin  5.7.0-21.el7
libvirt-bash-completion  5.7.0-21.el7
libvirt-client  5.7.0-21.el7
libvirt-daemon  5.7.0-21.el7
libvirt-daemon-config-network  5.7.0-21.el7
libvirt-daemon-config-nwfilter  5.7.0-21.el7
libvirt-daemon-driver-interface  5.7.0-21.el7
libvirt-daemon-driver-lxc  5.7.0-21.el7
libvirt-daemon-driver-network  5.7.0-21.el7
libvirt-daemon-driver-nodedev  5.7.0-21.el7
libvirt-daemon-driver-nwfilter  5.7.0-21.el7
libvirt-daemon-driver-qemu  5.7.0-21.el7
libvirt-daemon-driver-secret  5.7.0-21.el7
libvirt-daemon-driver-storage  5.7.0-21.el7
libvirt-daemon-driver-storage-core  5.7.0-21.el7
libvirt-daemon-driver-storage-disk  5.7.0-21.el7
libvirt-daemon-driver-storage-gluster  5.7.0-21.el7
libvirt-daemon-driver-storage-iscsi  5.7.0-21.el7
libvirt-daemon-driver-storage-logical  5.7.0-21.el7
libvirt-daemon-driver-storage-mpath  5.7.0-21.el7
libvirt-daemon-driver-storage-rbd  5.7.0-21.el7
libvirt-daemon-driver-storage-scsi  5.7.0-21.el7
libvirt-daemon-kvm  5.7.0-21.el7
libvirt-daemon-lxc  5.7.0-21.el7
libvirt-daemon-qemu  5.7.0-21.el7
libvirt-devel  5.7.0-21.el7
libvirt-docs  5.7.0-21.el7
libvirt-libs  5.7.0-21.el7
libvirt-lock-sanlock  5.7.0-21.el7
libvirt-login-shell  5.7.0-21.el7
libvirt-nss  5.7.0-21.el7
Oracle Linux x86_64
libvirt  5.7.0-21.el7
libvirt-admin  5.7.0-21.el7
libvirt-bash-completion  5.7.0-21.el7
libvirt-client  5.7.0-21.el7
libvirt-daemon  5.7.0-21.el7
libvirt-daemon-config-network  5.7.0-21.el7
libvirt-daemon-config-nwfilter  5.7.0-21.el7
libvirt-daemon-driver-interface  5.7.0-21.el7
libvirt-daemon-driver-lxc  5.7.0-21.el7
libvirt-daemon-driver-network  5.7.0-21.el7
libvirt-daemon-driver-nodedev  5.7.0-21.el7
libvirt-daemon-driver-nwfilter  5.7.0-21.el7
libvirt-daemon-driver-qemu  5.7.0-21.el7
libvirt-daemon-driver-secret  5.7.0-21.el7
libvirt-daemon-driver-storage  5.7.0-21.el7
libvirt-daemon-driver-storage-core  5.7.0-21.el7
libvirt-daemon-driver-storage-disk  5.7.0-21.el7
libvirt-daemon-driver-storage-gluster  5.7.0-21.el7
libvirt-daemon-driver-storage-iscsi  5.7.0-21.el7
libvirt-daemon-driver-storage-logical  5.7.0-21.el7
libvirt-daemon-driver-storage-mpath  5.7.0-21.el7
libvirt-daemon-driver-storage-rbd  5.7.0-21.el7
libvirt-daemon-driver-storage-scsi  5.7.0-21.el7
libvirt-daemon-kvm  5.7.0-21.el7
libvirt-daemon-lxc  5.7.0-21.el7
libvirt-daemon-qemu  5.7.0-21.el7
libvirt-devel  5.7.0-21.el7
libvirt-docs  5.7.0-21.el7
libvirt-libs  5.7.0-21.el7
libvirt-lock-sanlock  5.7.0-21.el7
libvirt-login-shell  5.7.0-21.el7
libvirt-nss  5.7.0-21.el7
Related CVEs
Related vulnerabilities
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.