ELSA-2024-2560

Published: 07 May 2024
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2024-2560: libvirt security and bug fix update (MODERATE)

[10.0.0-6.2.0.1]

  • Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554]

[10.0.0-6.2.el9_4]

  • qemu: Fix migration with custom XML (RHEL-32654)

[10.0.0-6.1.el9_4]

  • Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081)
  • remote: check for negative array lengths before allocation (CVE-2024-2494)

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • libvirt: 10.0.0-6.2.0.1.el9_4
  • libvirt-client: 10.0.0-6.2.0.1.el9_4
  • libvirt-client-qemu: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-common: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-config-network: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-config-nwfilter: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-interface: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-network: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-nodedev: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-nwfilter: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-qemu: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-secret: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-core: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-disk: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-iscsi: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-logical: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-mpath: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-rbd: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-scsi: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-kvm: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-lock: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-log: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-plugin-lockd: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-plugin-sanlock: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-proxy: 10.0.0-6.2.0.1.el9_4
  • libvirt-devel: 10.0.0-6.2.0.1.el9_4
  • libvirt-docs: 10.0.0-6.2.0.1.el9_4
  • libvirt-libs: 10.0.0-6.2.0.1.el9_4
  • libvirt-nss: 10.0.0-6.2.0.1.el9_4

Oracle Linux x86_64

  • libvirt: 10.0.0-6.2.0.1.el9_4
  • libvirt-client: 10.0.0-6.2.0.1.el9_4
  • libvirt-client-qemu: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-common: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-config-network: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-config-nwfilter: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-interface: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-network: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-nodedev: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-nwfilter: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-qemu: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-secret: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-core: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-disk: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-iscsi: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-logical: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-mpath: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-rbd: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-driver-storage-scsi: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-kvm: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-lock: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-log: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-plugin-lockd: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-plugin-sanlock: 10.0.0-6.2.0.1.el9_4
  • libvirt-daemon-proxy: 10.0.0-6.2.0.1.el9_4
  • libvirt-devel: 10.0.0-6.2.0.1.el9_4
  • libvirt-docs: 10.0.0-6.2.0.1.el9_4
  • libvirt-libs: 10.0.0-6.2.0.1.el9_4
  • libvirt-nss: 10.0.0-6.2.0.1.el9_4

Related CVEs

Related vulnerabilities

rocky
about 1 year ago

Moderate: libvirt security and bug fix update

suse-cvrf
about 1 year ago

Security update for libvirt

CVSS3: 6.2
ubuntu
about 1 year ago

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS3: 6.2
redhat
more than 1 year ago

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS3: 6.2
nvd
about 1 year ago

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.