Libvirt Security Notice: LSN-2020-0002
======================================

Summary: Leak of sensitive cookie information
Reported on: 20200420
Published on: 20200414
Fixed on: 20200414
Reported by: Han Han
Patched by: Peter Krempa
See also: CVE-2020-14301

Description
-----------

The implementation of cookies for HTTP-based disks formatted them in the XML even if the VIR_DOMAIN_XML_SECURE flag was not present.

Impact
------

A read-only client can access potentially sensitive information in the cookies.

Workaround
----------

Denying access to the readonly libvirt socket will avoid the potential information leak.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt
Branch: master
Broken in: v6.2.0
Fixed in: v6.3.0
Broken by: 3b076391befc3fe72deb0c244ac6c2b4c100b410
Fixed by: a5b064bf4b17a9884d7d361733737fb614ad8979
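
Added example (not part of the notice or of libvirt's code): a check an administrator could run over domain XML dumped without VIR_DOMAIN_XML_SECURE, reporting disks whose cookie values are visible, plus a test for the upstream "Broken in" / "Fixed in" range given above. The sample XML is constructed and assumes libvirt's documented <cookies>/<cookie name='...'> layout; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: domain XML as a read-only client would receive it
# (dumped without VIR_DOMAIN_XML_SECURE). Host, names and values are made up.
SAMPLE_DUMP = """<domain type='kvm'>
  <name>demo</name>
  <devices>
    <disk type='network' device='cdrom'>
      <source protocol='https' name='/iso/demo.iso'>
        <host name='mirror.example.org' port='443'/>
        <cookies>
          <cookie name='session'>CONSTRUCTED-VALUE</cookie>
        </cookies>
      </source>
      <target dev='sda' bus='sata'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/demo.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>"""

def exposed_cookies(domain_xml):
    """Return (disk target, cookie name) pairs whose value appears in the XML.

    Only cookie names are returned; values are never copied or logged.
    """
    findings = []
    for disk in ET.fromstring(domain_xml).iter("disk"):
        target = disk.find("target")
        dev = target.get("dev") if target is not None else "?"
        # iter() also covers cookies nested in a backing chain under this disk
        for cookie in disk.iter("cookie"):
            if (cookie.text or "").strip():
                findings.append((dev, cookie.get("name")))
    return findings

def in_affected_range(version):
    """True from v6.2.0 (broken in) up to, but not including, v6.3.0 (fixed in).

    Upstream version numbers only; distro builds may carry backported fixes.
    """
    parts = tuple(int(p) for p in version.lstrip("v").split("."))
    parts = (parts + (0, 0, 0))[:3]  # pad short forms such as "6.2"
    return (6, 2, 0) <= parts < (6, 3, 0)

if __name__ == "__main__":
    for dev, name in exposed_cookies(SAMPLE_DUMP):
        print(f"disk {dev}: cookie '{name}' readable without VIR_DOMAIN_XML_SECURE")
```

Any finding on XML obtained through the read-only socket means cookie values are reachable by read-only clients on that host.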