RHSA-2019:1580-01 -- Redhat SLOF, hivex, libguestfs, libguestfs-winsupport, libiscsi, libssh2, libvirt, libvirt-dbus, libvirt-python, nbdkit, netcf, perl-Sys-Virt, qemu-kvm, seabios, sgabios, supermin, qemu-guest-agentID: oval:org.secpod.oval:def:66676 | Date: (C)2020-11-09 (M)2024-01-29 |
Class: PATCH | Family: unix |
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
SLOF |
hivex |
libguestfs |
libguestfs-winsupport |
libiscsi |
libssh2 |
libvirt |
libvirt-dbus |
libvirt-python |
nbdkit |
netcf |
perl-Sys-Virt |
qemu-kvm |
seabios |
sgabios |
supermin |
qemu-guest-agent |