MGASA-2020-0473 - Updated libvirt packages fix security vulnerability Publication date: 29 Dec 2020 URL: https://advisories.mageia.org/MGASA-2020-0473.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-25637 A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-25637). References: - https://bugs.mageia.org/show_bug.cgi?id=27388 - https://access.redhat.com/errata/RHSA-2020:5040 - https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637 SRPMS: - 7/core/libvirt-5.5.0-1.3.mga7
Mageia 2020-0473: libvirt security update
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain
Summary
CVE: CVE-2020-25637
A double free memory issue was found to occur in the libvirt API responsible
for requesting information about network interfaces of a running QEMU domain.
This flaw affects the polkit access control driver. Specifically, clients
connecting to the read-write socket with limited ACL permissions could use this
flaw to crash the libvirt daemon, resulting in a denial of service, or
potentially escalate their privileges on the system. The highest threat from
this vulnerability is to data confidentiality and integrity as well as system
availability (CVE-2020-25637).
Resolution
MGASA-2020-0473 - Updated libvirt packages fix security vulnerability
References
- https://bugs.mageia.org/show_bug.cgi?id=27388
- https://access.redhat.com/errata/RHSA-2020:5040
- https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637
Severity
Issued Date: 29 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0473.html
Type: security
Affected Mageia releases: 7
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
