An update for libvirt is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1010 Final 1.0 1.0 2021-02-04 Initial 2021-02-04 2021-02-04 openEuler SA Tool V1.0 2021-02-04 libvirt security update An update for libvirt is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.\r\n\r\n Security Fix(es):\r\n\r\n A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14339)\r\n\r\n An update for libvirt is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.\r\n\r\n openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libvirt https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1010 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-14339 https://nvd.nist.gov/vuln/detail/CVE-2020-14339 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 libvirt-daemon-driver-qemu-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-nwfilter-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-10.oe1.aarch64.rpm libvirt-libs-6.2.0-10.oe1.aarch64.rpm libvirt-admin-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-logical-6.2.0-10.oe1.aarch64.rpm libvirt-nss-6.2.0-10.oe1.aarch64.rpm libvirt-wireshark-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-10.oe1.aarch64.rpm libvirt-lock-sanlock-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-disk-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-10.oe1.aarch64.rpm libvirt-docs-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-10.oe1.aarch64.rpm libvirt-bash-completion-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-kvm-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-config-nwfilter-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-qemu-6.2.0-10.oe1.aarch64.rpm libvirt-6.2.0-10.oe1.aarch64.rpm libvirt-client-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-nodedev-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-interface-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-config-network-6.2.0-10.oe1.aarch64.rpm libvirt-debuginfo-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-network-6.2.0-10.oe1.aarch64.rpm libvirt-debugsource-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-core-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-6.2.0-10.oe1.aarch64.rpm libvirt-devel-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-secret-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-qemu-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-nwfilter-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-10.oe1.aarch64.rpm libvirt-libs-6.2.0-10.oe1.aarch64.rpm libvirt-admin-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-logical-6.2.0-10.oe1.aarch64.rpm libvirt-nss-6.2.0-10.oe1.aarch64.rpm libvirt-wireshark-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-10.oe1.aarch64.rpm libvirt-lock-sanlock-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-disk-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-10.oe1.aarch64.rpm libvirt-docs-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-10.oe1.aarch64.rpm libvirt-bash-completion-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-kvm-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-config-nwfilter-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-qemu-6.2.0-10.oe1.aarch64.rpm libvirt-6.2.0-10.oe1.aarch64.rpm libvirt-client-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-nodedev-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-interface-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-config-network-6.2.0-10.oe1.aarch64.rpm libvirt-debuginfo-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-network-6.2.0-10.oe1.aarch64.rpm libvirt-debugsource-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-core-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-6.2.0-10.oe1.aarch64.rpm libvirt-devel-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-secret-6.2.0-10.oe1.aarch64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-10.oe1.aarch64.rpm libvirt-6.2.0-10.oe1.src.rpm libvirt-6.2.0-10.oe1.src.rpm libvirt-lock-sanlock-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-qemu-6.2.0-10.oe1.x86_64.rpm libvirt-nss-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-logical-6.2.0-10.oe1.x86_64.rpm libvirt-libs-6.2.0-10.oe1.x86_64.rpm libvirt-devel-6.2.0-10.oe1.x86_64.rpm libvirt-docs-6.2.0-10.oe1.x86_64.rpm libvirt-wireshark-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-10.oe1.x86_64.rpm libvirt-admin-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-network-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-core-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-interface-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-kvm-6.2.0-10.oe1.x86_64.rpm libvirt-debugsource-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-nodedev-6.2.0-10.oe1.x86_64.rpm libvirt-bash-completion-6.2.0-10.oe1.x86_64.rpm libvirt-client-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-config-network-6.2.0-10.oe1.x86_64.rpm libvirt-debuginfo-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-qemu-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-secret-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-config-nwfilter-6.2.0-10.oe1.x86_64.rpm libvirt-6.2.0-10.oe1.x86_64.rpm libvirt-lock-sanlock-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-qemu-6.2.0-10.oe1.x86_64.rpm libvirt-nss-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-logical-6.2.0-10.oe1.x86_64.rpm libvirt-libs-6.2.0-10.oe1.x86_64.rpm libvirt-devel-6.2.0-10.oe1.x86_64.rpm libvirt-docs-6.2.0-10.oe1.x86_64.rpm libvirt-wireshark-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-6.2.0-10.oe1.x86_64.rpm libvirt-admin-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-network-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-gluster-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-scsi-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-core-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-nwfilter-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-interface-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-kvm-6.2.0-10.oe1.x86_64.rpm libvirt-debugsource-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-rbd-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-disk-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-nodedev-6.2.0-10.oe1.x86_64.rpm libvirt-bash-completion-6.2.0-10.oe1.x86_64.rpm libvirt-client-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-config-network-6.2.0-10.oe1.x86_64.rpm libvirt-debuginfo-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-storage-mpath-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-qemu-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-driver-secret-6.2.0-10.oe1.x86_64.rpm libvirt-daemon-config-nwfilter-6.2.0-10.oe1.x86_64.rpm libvirt-6.2.0-10.oe1.x86_64.rpm A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-02-04 CVE-2020-14339 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 High 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H libvirt security update 2021-02-04 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1010