{"id":"RLSA-2020:4676","summary":"Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update","details":"Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nThe following packages have been upgraded to a later upstream version: hivex (1.3.18), libguestfs (1.40.2), libguestfs-winsupport (8.2), libvirt (6.0.0), libvirt-dbus (1.3.0), libvirt-python (6.0.0), nbdkit (1.16.2), perl-Sys-Virt (6.0.0), qemu-kvm (4.2.0), seabios (1.13.0), SLOF (20191022). (BZ#1810193, BZ#1844296)\n\nSecurity Fix(es):\n\n* libvirt: leak of /dev/mapper/control into QEMU guests (CVE-2020-14339)\n\n* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)\n\n* libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485)\n\n* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)\n\n* libvirt: Potential denial of service via active pool without target path (CVE-2020-10703)\n\n* libvirt: leak of sensitive cookie information via dumpxml (CVE-2020-14301)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.","modified":"2026-03-11T05:55:21.607446Z","published":"2020-11-03T12:26:07Z","upstream":["CVE-2019-15890","CVE-2019-20485","CVE-2020-10703","CVE-2020-14301","CVE-2020-14339","CVE-2020-1983"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2020:4676"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1518042"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1664324"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715039"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1717394"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1727865"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1749716"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1756946"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763191"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790189"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805998"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807057"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1809740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1810193"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811539"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816650"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828681"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829825"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1844296"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1845459"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848640"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849997"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1854380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857779"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860069"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1867847"}],"affected":[{"package":{"name":"hivex","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/hivex?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.18-20.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libguestfs-winsupport","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libguestfs-winsupport?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2-1.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libiscsi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libiscsi?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.18.0-8.module+el8.7.0+1084+97b81f61"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libiscsi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libiscsi?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.18.0-8.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libiscsi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libiscsi?distro=rocky-linux-8-6-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.18.0-8.module+el8.6.0+847+b490afdd"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libnbd","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libnbd?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.2-1.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libvirt-dbus","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libvirt-dbus?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.0-2.module+el8.7.0+1084+97b81f61"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libvirt-dbus","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libvirt-dbus?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.0-2.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libvirt-dbus","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libvirt-dbus?distro=rocky-linux-8-6-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.0-2.module+el8.6.0+847+b490afdd"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"libvirt-python","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libvirt-python?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.0-1.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"nbdkit","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/nbdkit?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.16.2-4.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"netcf","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/netcf?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.2.8-12.module+el8.7.0+1084+97b81f61"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"netcf","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/netcf?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.2.8-12.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"netcf","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/netcf?distro=rocky-linux-8-6-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.2.8-12.module+el8.6.0+847+b490afdd"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"perl-Sys-Virt","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/perl-Sys-Virt?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.0-1.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"seabios","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/seabios?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.13.0-2.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"sgabios","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/sgabios?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.20170427git-3.module+el8.7.0+1084+97b81f61"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"sgabios","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/sgabios?distro=rocky-linux-8-4-legacy&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.20170427git-3.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"sgabios","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/sgabios?distro=rocky-linux-8-6-legacy&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.20170427git-3.module+el8.6.0+847+b490afdd"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}},{"package":{"name":"supermin","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/supermin?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.19-10.module+el8.4.0+534+4680a14e"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2020:4676.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}