Mageia Advisory: MGASA-2020-0250 - Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability

Publication date: 10 Jun 2020
Modification date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10703 , CVE-2020-12430

Description

Updated libvirt packages fix security vulnerability:

It was discovered that libvirt incorrectly handled an active pool without
a target path. A remote attacker could possibly use this issue to cause
libvirt to crash, resulting in a denial of service (CVE-2020-10703).

It was discovered that libvirt incorrectly handled memory when retrieving
certain domain statistics. A remote attacker could possibly use this issue to
cause libvirt to consume resources, resulting in a denial of service
(CVE-2020-12430).

References

https://bugs.mageia.org/show_bug.cgi?id=26600
https://usn.ubuntu.com/4371-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430

SRPMS

7/core

libvirt-5.5.0-1.1.mga7

Advisories » MGASA-2020-0250

Updated libvirt packages fix security vulnerability

Description

References

SRPMS

7/core