安全公告详情

NS-SA-2026-0022

2026-03-04 16:02:58

简介

moderate: platform-python-pip-9.0.3-22.zncgsl6.noarch/libvirt security update

严重级别

moderate

主题

An update for platform-python-pip-9.0.3-22.zncgsl6.noarch/libvirt is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

platform-python-pip-9.0.3-22.zncgsl6.noarch:
libvirt:


Security Fix(es):
platform-python-pip-9.0.3-22.zncgsl6.noarch: pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory(CVE-2013-1888)
platform-python-pip-9.0.3-22.zncgsl6.noarch: bugfix
libvirt: A memory leak flaw was found in the libvirt API that is responsible for retrieving domain stats when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the `domstats` command, resulting in a potential denial of service.(CVE-2020-12430)
libvirt: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.01B6.

影响组件

  • platform-python-pip-9.0.3-22.zncgsl6.noarch
  • libvirt

影响产品

  • CGSL MAIN 6.06 (SP)

更新包

{"fix":[{"product":"CGSL MAIN 6.06 (SP)","pkgs":[{"binary":"","source":""},{"binary":["libvirt-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-admin-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-bash-completion-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-client-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-config-network-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-config-nwfilter-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-interface-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-network-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-nodedev-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-nwfilter-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-qemu-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-secret-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-scsi-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-rbd-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-mpath-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-logical-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-direct-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-gluster-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-disk-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-core-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-kvm-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-devel-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-docs-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-libs-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-lock-sanlock-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-nss-5.9.0-2.zncgsl6.t2.0.x86_64.rpm"],"source":"libvirt-5.9.0-2.zncgsl6.t2.0.src.rpm"}]}]}

CVE

参考