Description
Security update for libvirt
This update for libvirt fixes the following issues:
- CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces() (bsc#1221468).
- CVE-2024-1441: Fixed off-by-one error in udevListInterfacesByStatus() (bsc#1221237).
Package list
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
References
- Link for SUSE-SU-2024:1005-1
- E-Mail link for SUSE-SU-2024:1005-1
- SUSE Security Ratings
- SUSE Bug 1221237
- SUSE Bug 1221468
- SUSE CVE CVE-2024-1441 page
- SUSE CVE CVE-2024-2496 page
Description
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Affected products
References
- CVE-2024-1441
- SUSE Bug 1221237
Description
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via the virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
Affected products
References
- CVE-2024-2496
- SUSE Bug 1221468