Advisories » MGASA-2020-0283

Updated libvirt packages fix security vulnerability

Publication date: 06 Jul 2020
Modification date: 06 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20485

Description

Updated libvirt packages fix security vulnerability:

A flaw was found in the way the libvirtd daemon issued the 'suspend'
command to a QEMU guest-agent running inside a guest, where it holds
a monitor job while issuing the 'suspend' command to a guest-agent.
A malicious guest-agent may use this flaw to block the libvirt daemon
indefinitely, resulting in a denial of service (CVE-2019-20485).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26816
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485

SRPMS

7/core

• libvirt-5.5.0-1.2.mga7