RHSA-2020:4676-01 -- Centos SLOF, hivex, libguestfs, libguestfs-winsupport, libiscsi, libnbd, libvirt, libvirt-dbus, libvirt-python, nbdkit, netcf, perl-Sys-Virt, qemu-kvm, seabios, sgabios, supermin, qemu-guest-agentID: oval:org.secpod.oval:def:68020 | Date: (C)2020-12-23 (M)2024-04-03 |
Class: PATCH | Family: unix |
Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. The following packages have been upgraded to a later upstream version: hivex , libguestfs , libguestfs-winsupport , libvirt , libvirt-dbus , libvirt-python , nbdkit , perl-Sys-Virt , qemu-kvm , seabios , SLOF . Security Fix: * libvirt: leak of /dev/mapper/control into QEMU guests * QEMU: Slirp: use-after-free during packet reassembly * libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent * QEMU: slirp: use-after-free in ip_reass function in ip_input.c * libvirt: Potential denial of service via active pool without target path * libvirt: leak of sensitive cookie information via dumpxml For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the CentOS 8.3 Release Notes linked from the References section.
Product: |
SLOF |
hivex |
libguestfs |
libguestfs-winsupport |
libiscsi |
libnbd |
libvirt |
libvirt-dbus |
libvirt-python |
nbdkit |
netcf |
perl-Sys-Virt |
qemu-kvm |
seabios |
sgabios |
supermin |
qemu-guest-agent |