exploitDog

RLSA-2024:2560

Published: May 10, 2024
Source: rocky
Rating: Moderate

Description

Moderate: libvirt security and bug fix update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fixes:

  • libvirt: off-by-one error in udevListInterfacesByStatus() (CVE-2024-1441)

  • libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes:

  • libvirt: off-by-one error in udevListInterfacesByStatus() [rhel-9] (JIRA:Rocky Linux-25081)

  • libvirt: negative g_new0 length can lead to unbounded memory allocation [rhel-9] (JIRA:Rocky Linux-29515)

Affected products

  • Rocky Linux 9

| Name | Architecture | Release | RPM |
|---|---|---|---|
| libvirt | x86_64 | 6.2.el9_4 | libvirt-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-client | x86_64 | 6.2.el9_4 | libvirt-client-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-client-qemu | x86_64 | 6.2.el9_4 | libvirt-client-qemu-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon | x86_64 | 6.2.el9_4 | libvirt-daemon-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon-common | x86_64 | 6.2.el9_4 | libvirt-daemon-common-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon-config-network | x86_64 | 6.2.el9_4 | libvirt-daemon-config-network-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon-config-nwfilter | x86_64 | 6.2.el9_4 | libvirt-daemon-config-nwfilter-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon-driver-interface | x86_64 | 6.2.el9_4 | libvirt-daemon-driver-interface-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon-driver-network | x86_64 | 6.2.el9_4 | libvirt-daemon-driver-network-10.0.0-6.2.el9_4.x86_64.rpm |
| libvirt-daemon-driver-nodedev | x86_64 | 6.2.el9_4 | libvirt-daemon-driver-nodedev-10.0.0-6.2.el9_4.x86_64.rpm |

Related vulnerabilities

oracle-oval
about 1 year ago

ELSA-2024-2560: libvirt security and bug fix update (MODERATE)

suse-cvrf
about 1 year ago

Security update for libvirt

CVSS3: 6.2
ubuntu
about 1 year ago

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS3: 6.2
redhat
more than 1 year ago

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS3: 6.2
nvd
about 1 year ago

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
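
The allocate-before-validate ordering described for CVE-2024-2494 above, as an added C sketch that is not libvirt's or GLib's code: it shows what an allocator with an unsigned element count sees when handed a negative signed length, next to a wrapper that rejects the length before allocating. The function names and the `MAX_ARRAY_ELEMS` limit are assumptions made for this illustration, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for this sketch; not a libvirt constant. */
#define MAX_ARRAY_ELEMS 16384

/* What an allocator taking an unsigned count sees when it is handed a
 * signed length straight from a decoded message: -1 becomes SIZE_MAX. */
size_t count_seen_by_allocator(int wire_len)
{
    return (size_t)wire_len;
}

/* Hardened ordering: validate the signed length first, allocate second.
 * Returns 0 and sets *out on success, -1 on rejection or failure. */
int alloc_checked(int wire_len, size_t elem_size, void **out)
{
    *out = NULL;
    if (wire_len < 0 || wire_len > MAX_ARRAY_ELEMS)
        return -1;                      /* rejected before any allocation */
    if (elem_size == 0 || (size_t)wire_len > SIZE_MAX / elem_size)
        return -1;                      /* count * size would overflow */
    /* Allocate at least one element so a zero length still yields a buffer. */
    *out = calloc(wire_len ? (size_t)wire_len : 1, elem_size);
    return *out ? 0 : -1;
}

int main(void)
{
    int samples[] = { 4, 0, -1, 1 << 30 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        void *buf;
        int rc = alloc_checked(samples[i], sizeof(char *), &buf);
        printf("len=%d unchecked_count=%zu checked=%s\n", samples[i],
               count_seen_by_allocator(samples[i]),
               rc == 0 ? "ok" : "rejected");
        free(buf);
    }
    return 0;
}
```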