Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 19.10 and 18.04 LTS: USN-4371-1 Moderate: Libvirt Denial of Service

ubuntu
Calendar Grey May 21, 2020
Dist Ubuntu Esm H88
Several vulnerabilities in libvirt have been addressed for Ubuntu 20.04 LTS and 21.10. Users are advised to update to safeguard their systems.
Several security issues were fixed in libvirt.

Summary

Several security issues were fixed in libvirt.

Software Description:

- libvirt: Libvirt virtualization toolkit

Details:

It was discovered that libvirt incorrectly handled an active pool without a

target path. A remote attacker could possibly use this issue to cause

libvirt to crash, resulting in a denial of service. (CVE-2020-10703)

It was discovered that libvirt incorrectly handled memory when retrieving

certain domain statistics. A remote attacker could possibly use this issue

to cause libvirt to consume resources, resulting in a denial of service.

This issue only affected Ubuntu 19.10. (CVE-2020-12430)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  libvirt-clients                 5.4.0-0ubuntu5.4
  libvirt-daemon                  5.4.0-0ubuntu5.4
  libvirt0                        5.4.0-0ubuntu5.4

Ubuntu 18.04 LTS:
  libvirt-clients                 4.0.0-1ubuntu8.17
  libvirt-daemon                  4.0.0-1ubuntu8.17
  libvirt0                        4.0.0-1ubuntu8.17

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4371-1

CVE-2020-10703, CVE-2020-12430

May 21, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.