Advisories ยป MGASA-2020-0283

Updated libvirt packages fix security vulnerability

Publication date: 06 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20485


Updated libvirt packages fix security vulnerability:

A flaw was found in the way the libvirtd daemon issued the 'suspend'
command to a QEMU guest-agent running inside a guest, where it holds
a monitor job while issuing the 'suspend' command to a guest-agent.
A malicious guest-agent may use this flaw to block the libvirt daemon
indefinitely, resulting in a denial of service (CVE-2019-20485).