Fedora has issued an advisory on June 16:
The issue is fixed upstream in 6.0.0.
We can probably borrow Fedora's patch from Fedora 31.
Assigning to Thierry as the main recent SRPM maintainer.
libvirt-5.5.0-1.2.mga7 pushed in mga7 updates_testing
Updated libvirt packages fix security vulnerability:
A flaw was found in the way the libvirtd daemon issued the 'suspend' command to
a QEMU guest-agent running inside a guest, where it holds a monitor job while
issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use
this flaw to block the libvirt daemon indefinitely, resulting in a denial of
Updated packages in core/updates_testing:
Installed and tested without issues.
WARNING: The package python3-libvirt-5.5.0-1.mga7 was NOT updated. Please check if this is correct.
Host system: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.
- Mageia 7, x86_64
- Mageia 8 (cauldron), x86_64
- Windows 10, x86_64
- Windows 7, x86_64
$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep virt.*5.5.0
$ virsh list
Id Nome Estado
1 mageia_8 em execução
libvirt wasn't updated either; it was just patched, so there's nothing to update for python-libvirt.
Thanks for the clarification, David. The test in Comment 4 should be sufficient, then.
Giving it an OK and validating. Advisory in Comment 3.
An update for this issue has been pushed to the Mageia Updates repository.