Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:8003

Опубликовано: 15 нояб. 2022
Источник: rocky
Оценка: Low

Описание

Low: libvirt security, bug fix, and enhancement update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a later upstream version: libvirt (8.5.0). (BZ#2060313)

Security Fix(es):

  • libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service (CVE-2022-0897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
libvirtx86_647.3.el9_1libvirt-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-clientx86_647.3.el9_1libvirt-client-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemonx86_647.3.el9_1libvirt-daemon-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-config-networkx86_647.3.el9_1libvirt-daemon-config-network-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-config-nwfilterx86_647.3.el9_1libvirt-daemon-config-nwfilter-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-driver-interfacex86_647.3.el9_1libvirt-daemon-driver-interface-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-driver-networkx86_647.3.el9_1libvirt-daemon-driver-network-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-driver-nodedevx86_647.3.el9_1libvirt-daemon-driver-nodedev-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-driver-nwfilterx86_647.3.el9_1libvirt-daemon-driver-nwfilter-8.5.0-7.3.el9_1.x86_64.rpm
libvirt-daemon-driver-qemux86_647.3.el9_1libvirt-daemon-driver-qemu-8.5.0-7.3.el9_1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-0897

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-0897

CVSS3: 4.3
ubuntu
около 3 лет назад

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

redhat логотип

CVE-2022-0897

CVSS3: 5
redhat
больше 3 лет назад

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

nvd логотип

CVE-2022-0897

CVSS3: 4.3
nvd
около 3 лет назад

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

debian логотип

CVE-2022-0897

CVSS3: 4.3
debian
около 3 лет назад

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...

suse-cvrf логотип

SUSE-SU-2023:2754-1

suse-cvrf
почти 2 года назад

Security update for libvirt