What Are You Looking For?

Sign Up
MGASA-2020-0283 - Updated libvirt packages fix security vulnerability

Publication date: 06 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0283.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-20485

Updated libvirt packages fix security vulnerability:

A flaw was found in the way the libvirtd daemon issued the 'suspend'
command to a QEMU guest-agent running inside a guest, where it holds
a monitor job while issuing the 'suspend' command to a guest-agent.
A malicious guest-agent may use this flaw to block the libvirt daemon
indefinitely, resulting in a denial of service (CVE-2019-20485).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26816
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485

SRPMS:
- 7/core/libvirt-5.5.0-1.2.mga7

Mageia 2020-0283: libvirt security update

Updated libvirt packages fix security vulnerability: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, whe...

Summary

Updated libvirt packages fix security vulnerability:
A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulting in a denial of service (CVE-2019-20485).

References

- https://bugs.mageia.org/show_bug.cgi?id=26816

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485

Resolution

MGASA-2020-0283 - Updated libvirt packages fix security vulnerability

SRPMS

- 7/core/libvirt-5.5.0-1.2.mga7

Severity
Publication date: 06 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0283.html
Type: security
CVE: CVE-2019-20485

Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Linus Torvalds on the State of Linux Today and How AI Figures in Its Future

Dec 6, 2023

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Dec 7, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo