[SECURITY] Fedora 34 Update: libvirt-7.0.0-7.fc34

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...

SUSE: Security Advisory (SUSE-SU-2020:1208-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : xen (SUSE-SU-2021:1460-1)

This update for xen fixes the following issues : CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack bsc1178591, XSA-351 CVE-2021-3308: IRQ vector leak on x86 bsc1181254, XSA-360 CVE-2021-28687: HVM soft-reset crashes toolstack bsc1183072, XSA-368 L3: conring size for XEN HV's with...

Low: Red Hat Security Advisory: virt:8.3 and virt-devel:8.3 security and bug fix update

An update for the virt:8.3 and virt-devel:8.3 modules is now available for Advanced Virtualization for RHEL 8.3.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE SLES12 Security Update : xen (SUSE-SU-2021:1023-1)

This update for xen fixes the following issues : CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 bsc1181254, XSA-360 CVE-2021-28687: VUL-0: xen: HVM soft-reset crashes toolstack bsc1183072, XSA-368 CVE-2021-20257: VUL-0: xen: infinite loop issue in the e1000 NIC emulator bsc1182846...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2021:1028-1)

This update for xen fixes the following issues : CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 bsc1181254, XSA-360 CVE-2021-28687: HVM soft-reset crashes toolstack bsc1183072, XSA-368 L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut bsc1177204 L3: XEN domU crashed ...

Medium: libvirt

Issue Overview: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon...

[SECURITY] Fedora 31 Update: libvirt-5.6.0-7.fc31

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...

SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:1208-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. CVE-2020-12430: Fixed a memory leak in qemuDomainGetStatsIOThread bsc1170765. Non-security issues fixed : Support setting credit2...

Denial Of Service (DoS)

libvirt is vulnerable to denial of service DoS. The vulnerability exists as an integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus with specially-crafted parameters,...

Important: Red Hat Security Advisory: virt:rhel security and bug fix update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

virt:rhel security and bug fix update

An update is available for libiscsi, netcf, sgabios. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM offers a full virtualizatio...

Important: virt:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

ALSA-2020:1358 Important: virt:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

RLSA-2020:1358 Important: virt:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...

CVE-2019-20485

A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulti...

CVE-2019-10161

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

DEBIAN-CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...