Bug 29847 - libvirt new security issues CVE-2021-3975, CVE-2021-4147, CVE-2022-0897, and CVE-2023-2700
Summary: libvirt new security issues CVE-2021-3975, CVE-2021-4147, CVE-2022-0897, and ...
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thierry Vignaud
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-05 16:32 CET by David Walser
Modified: 2024-03-13 13:42 CET (History)
2 users (show)

See Also:
Source RPM: libvirt-7.0.0-2.2.mga8.src.rpm
CVE:
Status comment: Fixed upstream in 9.3.0

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-01-05 16:32:00 CET 
SUSE has issued an advisory on January 4:
https://lists.suse.com/pipermail/sle-security-updates/2022-January/009962.html

Mageia 8 is also affected.
Comment 1 David Walser 2022-01-05 16:32:45 CET 
openSUSE has issued an advisory for this on January 4:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4GRZCYHIJFWN3FE3P7JJYRY7F7UO2HTA/

Whiteboard: (none) => MGA8TOO

Comment 2 Lewis Smith 2022-01-06 21:48:11 CET 
Assigning to Thierry who is the active maintainer of libvirt.

Assignee: bugsquad => thierry.vignaud

Comment 3 Nicolas Lécureuil 2022-01-06 22:53:07 CET 
patches added in cauldron

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => mageia

Comment 4 David Walser 2022-01-07 19:07:03 CET 
SUSE has issued an advisory on January 5:
https://lists.suse.com/pipermail/sle-security-updates/2022-January/009972.html

The issue is fixed upstream in 7.1.0.

Source RPM: libvirt-7.10.0-2.mga9.src.rpm => libvirt-7.0.0-2.2.mga8.src.rpm
Summary: libvirt new security issue CVE-2021-4147 => libvirt new security issues CVE-2021-3975 and CVE-2021-4147

Comment 5 David Walser 2022-05-03 17:27:16 CEST 
Ubuntu has issued an advisory for this on May 2:
https://ubuntu.com/security/notices/USN-5399-1

It also fixes a new issue that was fixed upstream in 8.2.0.

Summary: libvirt new security issues CVE-2021-3975 and CVE-2021-4147 => libvirt new security issues CVE-2021-3975, CVE-2021-4147, and CVE-2022-0897

Comment 6 David Walser 2022-11-09 17:28:50 CET 
(In reply to David Walser from comment #5)
> Ubuntu has issued an advisory for this on May 2:
> https://ubuntu.com/security/notices/USN-5399-1
> 
> It also fixes a new issue that was fixed upstream in 8.2.0.

RedHat has issued an advisory for this new issue on November 8:
https://access.redhat.com/errata/RHSA-2022:7472
Comment 7 David Walser 2023-06-20 14:50:13 CEST 
Ubuntu has issued an advisory on May 31:
https://ubuntu.com/security/notices/USN-6126-1

It fixes a new issue that is fixed upstream in 9.3.0.

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 9.3.0
Version: 8 => Cauldron
Summary: libvirt new security issues CVE-2021-3975, CVE-2021-4147, and CVE-2022-0897 => libvirt new security issues CVE-2021-3975, CVE-2021-4147, CVE-2022-0897, and CVE-2023-2700

Comment 8 Nicolas Salguero 2024-03-13 13:42:21 CET 
Mageia 8 EOL.

CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Note You need to log in before you can comment on or make changes to this bug.