(RHSA-2020:3586) Important: virt:8.2 and virt-devel:8.2 security and bug fix update

ID RHSA-2020:3586
Type redhat
Reporter RedHat
Modified 2020-09-01T13:30:35


The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

  • libvirt: leak of /dev/mapper/control into QEMU guests (CVE-2020-14339)

  • QEMU: slirp: networking out-of-bounds read information disclosure vulnerability (CVE-2020-10756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • QEMU command 'transaction': Bitmap already exists: libvirt-tmp-activewrite (BZ#1861681)

  • qemu-img convert uses possibly slow pre-zeroing on block storage (BZ#1861682)

  • from time to time virsh net-dhcp-leases <net> does not show all leases (BZ#1868271)