[SECURITY] [DLA 2395-1] libvirt security update

2020-10-0215:06:32

lists.debian.org

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.3%

JSON

Debian LTS Advisory DLA-2395-1 [email protected]
https://www.debian.org/lts/security/ Roberto C. Sánchez
October 02, 2020 https://wiki.debian.org/LTS

Package : libvirt
Version : 3.0.0-4+deb9u5
CVE ID : CVE-2020-25637
Debian Bug : 971555

A double free vulnerability was discovered in libvirt, a toolkit to
interact with the virtualization capabilities of recent versions of
Linux (and other OSes).

For Debian 9 stretch, this problem has been fixed in version
3.0.0-4+deb9u5.

We recommend that you upgrade your libvirt packages.

For the detailed security status of libvirt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvirt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9arm64libvirt-dev< 3.0.0-4+deb9u5libvirt-dev_3.0.0-4+deb9u5_arm64.deb
Debian10arm64libvirt-sanlock< 5.0.0-4+deb10u2libvirt-sanlock_5.0.0-4+deb10u2_arm64.deb
Debian10i386libvirt-daemon-driver-storage-rbd< 5.0.0-4+deb10u2libvirt-daemon-driver-storage-rbd_5.0.0-4+deb10u2_i386.deb
Debian10amd64libvirt-daemon-driver-storage-zfs< 5.0.0-4+deb10u2libvirt-daemon-driver-storage-zfs_5.0.0-4+deb10u2_amd64.deb
Debian9armellibvirt-clients< 3.0.0-4+deb9u5libvirt-clients_3.0.0-4+deb9u5_armel.deb
Debian10i386libnss-libvirt< 5.0.0-4+deb10u2libnss-libvirt_5.0.0-4+deb10u2_i386.deb
Debian10armhflibvirt-sanlock< 5.0.0-4+deb10u2libvirt-sanlock_5.0.0-4+deb10u2_armhf.deb
Debian10amd64libvirt0< 5.0.0-4+deb10u2libvirt0_5.0.0-4+deb10u2_amd64.deb
Debian10arm64libvirt0< 5.0.0-4+deb10u2libvirt0_5.0.0-4+deb10u2_arm64.deb
Debian10i386libvirt0< 5.0.0-4+deb10u2libvirt0_5.0.0-4+deb10u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	arm64	libvirt-dev	< 3.0.0-4+deb9u5	libvirt-dev_3.0.0-4+deb9u5_arm64.deb
Debian	10	arm64	libvirt-sanlock	< 5.0.0-4+deb10u2	libvirt-sanlock_5.0.0-4+deb10u2_arm64.deb
Debian	10	i386	libvirt-daemon-driver-storage-rbd	< 5.0.0-4+deb10u2	libvirt-daemon-driver-storage-rbd_5.0.0-4+deb10u2_i386.deb
Debian	10	amd64	libvirt-daemon-driver-storage-zfs	< 5.0.0-4+deb10u2	libvirt-daemon-driver-storage-zfs_5.0.0-4+deb10u2_amd64.deb
Debian	9	armel	libvirt-clients	< 3.0.0-4+deb9u5	libvirt-clients_3.0.0-4+deb9u5_armel.deb
Debian	10	i386	libnss-libvirt	< 5.0.0-4+deb10u2	libnss-libvirt_5.0.0-4+deb10u2_i386.deb
Debian	10	armhf	libvirt-sanlock	< 5.0.0-4+deb10u2	libvirt-sanlock_5.0.0-4+deb10u2_armhf.deb
Debian	10	amd64	libvirt0	< 5.0.0-4+deb10u2	libvirt0_5.0.0-4+deb10u2_amd64.deb
Debian	10	arm64	libvirt0	< 5.0.0-4+deb10u2	libvirt0_5.0.0-4+deb10u2_arm64.deb
Debian	10	i386	libvirt0	< 5.0.0-4+deb10u2	libvirt0_5.0.0-4+deb10u2_i386.deb