ALSA-2020:4676
- Source
- https://errata.almalinux.org/8/ALSA-2020-4676.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4676.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2020:4676
- Related
- Published
- 2020-11-03T12:26:07Z
- Modified
- 2021-12-23T15:15:25Z
- Summary
- Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
- Details
-
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
The following packages have been upgraded to a later upstream version: hivex (1.3.18), libguestfs (1.40.2), libguestfs-winsupport (8.2), libvirt (6.0.0), libvirt-dbus (1.3.0), libvirt-python (6.0.0), nbdkit (1.16.2), perl-Sys-Virt (6.0.0), qemu-kvm (4.2.0), seabios (1.13.0), SLOF (20191022). (BZ#1810193, BZ#1844296)
Security Fix(es):
libvirt: leak of /dev/mapper/control into QEMU guests (CVE-2020-14339)
QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)
libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485)
QEMU: slirp: use-after-free in ipreass() function in ipinput.c (CVE-2020-1983)
libvirt: Potential denial of service via active pool without target path (CVE-2020-10703)
libvirt: leak of sensitive cookie information via dumpxml (CVE-2020-14301)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
Affected packages
AlmaLinux:8 / hivex
Package
- Name
- hivex
AlmaLinux:8 / hivex-devel
Package
- Name
- hivex-devel
AlmaLinux:8 / libguestfs-winsupport
Package
- Name
- libguestfs-winsupport
AlmaLinux:8 / libguestfs-winsupport
Package
- Name
- libguestfs-winsupport
AlmaLinux:8 / libiscsi
Package
- Name
- libiscsi
AlmaLinux:8 / libiscsi
Package
- Name
- libiscsi
AlmaLinux:8 / libiscsi
Package
- Name
- libiscsi
AlmaLinux:8 / libiscsi-devel
Package
- Name
- libiscsi-devel
AlmaLinux:8 / libiscsi-devel
Package
- Name
- libiscsi-devel
AlmaLinux:8 / libiscsi-devel
Package
- Name
- libiscsi-devel
AlmaLinux:8 / libiscsi-utils
Package
- Name
- libiscsi-utils
AlmaLinux:8 / libiscsi-utils
Package
- Name
- libiscsi-utils
AlmaLinux:8 / libiscsi-utils
Package
- Name
- libiscsi-utils
AlmaLinux:8 / libnbd
Package
- Name
- libnbd
AlmaLinux:8 / libnbd
Package
- Name
- libnbd
AlmaLinux:8 / libnbd-devel
Package
- Name
- libnbd-devel
AlmaLinux:8 / libnbd-devel
Package
- Name
- libnbd-devel
AlmaLinux:8 / libvirt
Package
- Name
- libvirt
AlmaLinux:8 / libvirt-admin
Package
- Name
- libvirt-admin
AlmaLinux:8 / libvirt-bash-completion
Package
- Name
- libvirt-bash-completion
AlmaLinux:8 / libvirt-client
Package
- Name
- libvirt-client
AlmaLinux:8 / libvirt-daemon
Package
- Name
- libvirt-daemon
AlmaLinux:8 / libvirt-daemon-config-network
Package
- Name
- libvirt-daemon-config-network
AlmaLinux:8 / libvirt-daemon-config-nwfilter
Package
- Name
- libvirt-daemon-config-nwfilter
AlmaLinux:8 / libvirt-daemon-driver-interface
Package
- Name
- libvirt-daemon-driver-interface
AlmaLinux:8 / libvirt-daemon-driver-network
Package
- Name
- libvirt-daemon-driver-network
AlmaLinux:8 / libvirt-daemon-driver-nodedev
Package
- Name
- libvirt-daemon-driver-nodedev
AlmaLinux:8 / libvirt-daemon-driver-nwfilter
Package
- Name
- libvirt-daemon-driver-nwfilter
AlmaLinux:8 / libvirt-daemon-driver-secret
Package
- Name
- libvirt-daemon-driver-secret
AlmaLinux:8 / libvirt-daemon-driver-storage
Package
- Name
- libvirt-daemon-driver-storage
AlmaLinux:8 / libvirt-daemon-driver-storage-core
Package
- Name
- libvirt-daemon-driver-storage-core
AlmaLinux:8 / libvirt-daemon-driver-storage-disk
Package
- Name
- libvirt-daemon-driver-storage-disk
AlmaLinux:8 / libvirt-daemon-driver-storage-iscsi
Package
- Name
- libvirt-daemon-driver-storage-iscsi
AlmaLinux:8 / libvirt-daemon-driver-storage-iscsi-direct
Package
- Name
- libvirt-daemon-driver-storage-iscsi-direct
AlmaLinux:8 / libvirt-daemon-driver-storage-logical
Package
- Name
- libvirt-daemon-driver-storage-logical
AlmaLinux:8 / libvirt-daemon-driver-storage-mpath
Package
- Name
- libvirt-daemon-driver-storage-mpath
AlmaLinux:8 / libvirt-daemon-driver-storage-rbd
Package
- Name
- libvirt-daemon-driver-storage-rbd
AlmaLinux:8 / libvirt-daemon-driver-storage-scsi
Package
- Name
- libvirt-daemon-driver-storage-scsi
AlmaLinux:8 / libvirt-dbus
Package
- Name
- libvirt-dbus
AlmaLinux:8 / libvirt-dbus
Package
- Name
- libvirt-dbus
AlmaLinux:8 / libvirt-dbus
Package
- Name
- libvirt-dbus
AlmaLinux:8 / libvirt-devel
Package
- Name
- libvirt-devel
AlmaLinux:8 / libvirt-docs
Package
- Name
- libvirt-docs
AlmaLinux:8 / libvirt-libs
Package
- Name
- libvirt-libs
AlmaLinux:8 / libvirt-nss
Package
- Name
- libvirt-nss
AlmaLinux:8 / nbdfuse
Package
- Name
- nbdfuse
AlmaLinux:8 / nbdfuse
Package
- Name
- nbdfuse
AlmaLinux:8 / nbdkit
Package
- Name
- nbdkit
AlmaLinux:8 / nbdkit-bash-completion
Package
- Name
- nbdkit-bash-completion
AlmaLinux:8 / nbdkit-basic-filters
Package
- Name
- nbdkit-basic-filters
AlmaLinux:8 / nbdkit-basic-plugins
Package
- Name
- nbdkit-basic-plugins
AlmaLinux:8 / nbdkit-curl-plugin
Package
- Name
- nbdkit-curl-plugin
AlmaLinux:8 / nbdkit-devel
Package
- Name
- nbdkit-devel
AlmaLinux:8 / nbdkit-example-plugins
Package
- Name
- nbdkit-example-plugins
AlmaLinux:8 / nbdkit-gzip-plugin
Package
- Name
- nbdkit-gzip-plugin
AlmaLinux:8 / nbdkit-linuxdisk-plugin
Package
- Name
- nbdkit-linuxdisk-plugin
AlmaLinux:8 / nbdkit-python-plugin
Package
- Name
- nbdkit-python-plugin
AlmaLinux:8 / nbdkit-server
Package
- Name
- nbdkit-server
AlmaLinux:8 / nbdkit-ssh-plugin
Package
- Name
- nbdkit-ssh-plugin
AlmaLinux:8 / nbdkit-vddk-plugin
Package
- Name
- nbdkit-vddk-plugin
AlmaLinux:8 / nbdkit-xz-filter
Package
- Name
- nbdkit-xz-filter
AlmaLinux:8 / netcf
Package
- Name
- netcf
AlmaLinux:8 / netcf
Package
- Name
- netcf
AlmaLinux:8 / netcf
Package
- Name
- netcf
AlmaLinux:8 / netcf-devel
Package
- Name
- netcf-devel
AlmaLinux:8 / netcf-devel
Package
- Name
- netcf-devel
AlmaLinux:8 / netcf-devel
Package
- Name
- netcf-devel
AlmaLinux:8 / netcf-libs
Package
- Name
- netcf-libs
AlmaLinux:8 / netcf-libs
Package
- Name
- netcf-libs
AlmaLinux:8 / netcf-libs
Package
- Name
- netcf-libs
AlmaLinux:8 / ocaml-hivex
Package
- Name
- ocaml-hivex
AlmaLinux:8 / ocaml-hivex-devel
Package
- Name
- ocaml-hivex-devel
AlmaLinux:8 / ocaml-libguestfs
Package
- Name
- ocaml-libguestfs
AlmaLinux:8 / ocaml-libguestfs-devel
Package
- Name
- ocaml-libguestfs-devel
AlmaLinux:8 / ocaml-libnbd
Package
- Name
- ocaml-libnbd
AlmaLinux:8 / ocaml-libnbd-devel
Package
- Name
- ocaml-libnbd-devel
AlmaLinux:8 / perl-Sys-Virt
Package
- Name
- perl-Sys-Virt
AlmaLinux:8 / perl-Sys-Virt
Package
- Name
- perl-Sys-Virt
AlmaLinux:8 / perl-hivex
Package
- Name
- perl-hivex
AlmaLinux:8 / python3-hivex
Package
- Name
- python3-hivex
AlmaLinux:8 / python3-libnbd
Package
- Name
- python3-libnbd
AlmaLinux:8 / python3-libnbd
Package
- Name
- python3-libnbd
AlmaLinux:8 / python3-libvirt
Package
- Name
- python3-libvirt
AlmaLinux:8 / python3-libvirt
Package
- Name
- python3-libvirt
AlmaLinux:8 / ruby-hivex
Package
- Name
- ruby-hivex
AlmaLinux:8 / seabios
Package
- Name
- seabios
AlmaLinux:8 / seabios-bin
Package
- Name
- seabios-bin
AlmaLinux:8 / seavgabios-bin
Package
- Name
- seavgabios-bin
AlmaLinux:8 / sgabios
Package
- Name
- sgabios
AlmaLinux:8 / sgabios
Package
- Name
- sgabios
AlmaLinux:8 / sgabios-bin
Package
- Name
- sgabios-bin
AlmaLinux:8 / sgabios-bin
Package
- Name
- sgabios-bin
AlmaLinux:8 / supermin
Package
- Name
- supermin