Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3434
libvirt security update
5 October 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libvirt
Publisher: Debian
Operating System: Debian GNU/Linux 9
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25637
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2395
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running libvirt check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2395-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Roberto C. S=E1nchez
October 02, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libvirt
Version : 3.0.0-4+deb9u5
CVE ID : CVE-2020-25637
Debian Bug : 971555
A double free vulnerability was discovered in libvirt, a toolkit to
interact with the virtualization capabilities of recent versions of
Linux (and other OSes).
For Debian 9 stretch, this problem has been fixed in version
3.0.0-4+deb9u5.
We recommend that you upgrade your libvirt packages.
For the detailed security status of libvirt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvirt
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl93QfgACgkQLNd4Xt2n
sg8DEBAAkeKv1LKTnvAHIym0wOxFSR42XWytKimJGEC0MlTLcbnOjhUM/GOtkahk
q/uhCaJThxMpAEC73vsY7Uswi1lkjtErahYYbIXh+d/KpLC5ikGAYBZGqK+cKOLe
7lv9vtIv5yvcjQ5PTMcIS0dbqFNUmz1Q65Zu/FynmgtKiq4h6fuxbM6VtaPe4UNT
JSJ/vwTVif+rG3hP+SMg7nndeTv+mKr3uGxEz5DZnm7i33LrLjy8Rx6CdQpAOVIY
n2mCPMpHYq0UIE1xIAP17G/L0mCnCNwwq+feKBaNonhPAQ29aQEFRWE1nSacvFD8
Z9SESGnf+YnwRsSOitV5h1HRQgKDfFQI9zu6UpB5sFqFj+9SV+p3tvmTvGBu3u1/
LNTcYua7Qc5/Q1AyAiK4G6a3wwVbo7ktkZc+l/HO942gwfKij9z4RLVrjBdrkfVY
y5CYMaxahtPYBmU2HZAY12qd41fUUONvPY9OlHjnTXFA/w/444rqSgSvJNFr+i21
kA0wCClbntCNokMRlekcGqZknQ/NGxydagXY6s5cC1zn7Jz/VZv42RibrwZptkr7
MiA2VDbBsR6jt48B6KH/slwSAZKX3koom7LOHGcdSWch5UF/2WSU+0uewB2cBbdB
QdjR6shUyj/ow1D5trA116B2f+EU+W8cx8v6wL3LHUb52N1UfnM=
=qz29
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX3pX1+NLKJtyKPYoAQi1UBAAgDlvD2KZ3wZHCi+GZDSCLicnWRQbHsxf
yG8TXpvdLptzYSffaYrYvKORB+MNUdSVcQxygRcrqr2d4EiBUrHsb6qn82ETI7ea
/wo3piPFK7Mk3oYQhCfmOq5e6h9vPwGJKa+9upkJq6laYY3LVDIB1BD6QaoGPQfW
MiOrBTyriWWeF1J+FSYhefOLsB56Sp8LLZrxndvMZpE3+LyD9Nyb+A8ulOjCzIZU
BO8fkSN/FfFI3/zMNPfJqpvM4oyOL/uhTdGy50qs+yMBFROxnmV4ejl2grfb4IBo
nBR+AqmQSbZwLArYd+MrmFkEIvnFOE1ci43H8pfaTUZ5SmA7AlXtZqGdVpvhrG6h
xY0sWNSoNkjE10zNffT8skRHSAL1QcwIXlRSP9MbXt3ElAGkiI0E6BY2Im3w8nWw
992A9XMIZGPxpdNtWyV9G93262AusIYJjXaEmBH5/672ObTiuhaJxMoNzWyi51xp
cl7+kp7WpvlTyPl9lSmaJ026QC7lALh5fffVywUzCD5DKHBpfGrMBcalIzX6FUVV
f/J6XBVfxkrEXvlECqYZ8XVvD/6gx/alAMWkyYD7a/5DPrQRewIEEYU9ar9lXZht
0G4Tqewcxjg9JCDnVCp+etN8Swll0WHFxx8rJj6HrWj9xc92BmFF07oAYs8eGkvJ
0XFELBmIlsY=
=QBlw
-----END PGP SIGNATURE-----