A security issue fixed upstream in libvirt 6.8.0 has been announced on October 2: https://www.openwall.com/lists/oss-security/2020/10/02/1 The commits that fixed the issue are linked in the message above.
Hi, thanks for reporting this bug. Assigning globally as no registered maintainer. CC'd recent commiter. (Please set the status to 'assigned' if you are working on it)
Assignee: bugsquad => pkg-bugsKeywords: (none) => TriagedCC: (none) => thierry.vignaud
Debian-LTS has issued an advisory for this on October 2: https://www.debian.org/lts/security/2020/dla-2395
SUSE has issued an advisory for this on October 26: https://lists.suse.com/pipermail/sle-security-updates/2020-October/007626.html
openSUSE has issued an advisory for this today (October 31): https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html
RedHat has issued an advisory for this today (November 10): https://access.redhat.com/errata/RHSA-2020:5040
Patched package uploaded for Mageia 7. Advisory: ======================== Updated libvirt packages fix security vulnerability: A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-25637). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637 https://access.redhat.com/errata/RHSA-2020:5040 https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html ======================== Updated packages in core/updates_testing: ======================== libvirt-docs-5.5.0-1.3.mga7 libvirt0-5.5.0-1.3.mga7 libvirt-devel-5.5.0-1.3.mga7 libvirt-utils-5.5.0-1.3.mga7 wireshark-libvirt-5.5.0-1.3.mga7 libnss_libvirt2-5.5.0-1.3.mga7 from libvirt-5.5.0-1.3.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
Severity: normal => major
Installed and tested without issues. Host system: Mageia 7, x86_64, Plasma DE, LXQt DE, virt-viewer, virt-manager, Intel CPU, nVidia CPU using nvidia-current proprietary driver. Guest systems: - Mageia 7, x86_64, LXQt DE, virtio drivers, spice agent. - Mageia 8/cauldron, x86_64, LXQt DE, virtio drivers, spice agent. - Windows 7 Pro, x86_64, spice agent, spice webdavd. - Windows 10, x86_64, spice agent, spice webdavd. Tested guests somewhat for a few hours. No regressions noticed. $ uname -a Linux marte 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | egrep 'virt|qemu|spice' | sort ipxe-roms-qemu-20190125-1.mga7 lib64govirt2-0.3.4-8.mga7 lib64spice-client-glib2.0_8-0.37-1.mga7 lib64spice-client-glib-gir2.0-0.37-1.mga7 lib64spice-client-gtk3.0_5-0.37-1.mga7 lib64spice-client-gtk-gir3.0-0.37-1.mga7 lib64spice-server1-0.14.2-1.1.mga7 lib64virt0-5.5.0-1.3.mga7 lib64virt-glib1.0_0-2.0.0-1.mga7 lib64virt-glib-gir1.0-2.0.0-1.mga7 libgovirt-0.3.4-8.mga7 libvirt-utils-5.5.0-1.3.mga7 python3-libvirt-5.5.0-1.mga7 qemu-audio-alsa-4.0.0-2.mga7 qemu-audio-oss-4.0.0-2.mga7 qemu-audio-pa-4.0.0-2.mga7 qemu-audio-sdl-4.0.0-2.mga7 qemu-block-curl-4.0.0-2.mga7 qemu-block-dmg-4.0.0-2.mga7 qemu-block-iscsi-4.0.0-2.mga7 qemu-block-nfs-4.0.0-2.mga7 qemu-block-ssh-4.0.0-2.mga7 qemu-common-4.0.0-2.mga7 qemu-img-4.0.0-2.mga7 qemu-kvm-4.0.0-2.mga7 qemu-system-x86-4.0.0-2.mga7 qemu-system-x86-core-4.0.0-2.mga7 qemu-ui-curses-4.0.0-2.mga7 qemu-ui-gtk-4.0.0-2.mga7 qemu-ui-sdl-4.0.0-2.mga7 spice-gtk-0.37-1.mga7 virt-manager-2.1.0-2.mga7 virt-manager-common-2.1.0-2.mga7 virt-viewer-8.0-3.mga7 wireshark-libvirt-5.5.0-1.3.mga7
CC: (none) => mageiaWhiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 6.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory pushed to SVN.
Keywords: (none) => advisoryCC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0473.html
Status: NEW => RESOLVEDResolution: (none) => FIXED