[Pkg-libvirt-maintainers] Bug#966563: libvirt: CVE-2020-14339
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 30 19:12:38 BST 2020
Source: libvirt
Version: 6.4.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libvirt.
CVE-2020-14339[0]:
leak of /dev/mapper/control into QEMU guests
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-14339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1860069
[2] https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
[3] https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
Please adjust the affected versions in the BTS as needed. The issue
though appers to be introduce in 6.2.0 only and guess 6.6.0 will
contain all the neede depending bits as well.
Regards,
Salvatore
More information about the Pkg-libvirt-maintainers
mailing list