Source: libvirt Version: 6.0.0-6 Severity: important Tags: security upstream Control: found -1 5.0.0-4+deb10u1 Control: found -1 4.10.0-1
Hi, The following vulnerability was published for libvirt. CVE-2020-12430[0]: | An issue was discovered in qemuDomainGetStatsIOThread in | qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory | leak was found in the virDomainListGetStats libvirt API that is | responsible for retrieving domain statistics when managing QEMU | guests. This flaw allows unprivileged users with a read-only | connection to cause a memory leak in the domstats command, resulting | in a potential denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-12430 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430 Regards, Salvatore
