Monday, April 29, 2024

[USN-6734-2] libvirt vulnerabilities

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmYvlgsACgkQZWnYVadE
vpMPGxAAjWzuvPnn74lpXEPBgNPNwp7f5QzB5Ikot36/xLD2Bgj4r9UmruS+3uoA
pd8oG7mwYXlV/JJhG7A1npb2sEHz/NkMxB8UEer2sHg4VGxQ74ATZVRBX2H6KCo1
l2/ZC7hHlvLe7cv1ki+Vb3R7723SG+t0CQWQK5Vm6pOLIcFErpCIYydgPHppHmoe
O5e1dwZDy4KTHMwIi+6D/ttZF0W77Od1QxOr5QmOwgufXd/8Q+PVElFqki+HY1Vo
p42vLvxglHSFgVuJD4RXGwZtywTiitGF1JGOMk+JaVNNiv2QfFZ1oLpWoJCD9GDu
o9Qeigq2r177xO8I1Wl+0/ZubSMG+TeKoiU/h/4fDh3hqogYIIJaQwVy0IpfKzc7
/6KKJwbwQYmKVYHgPXdBxcJzY/DYud63H/7B9Ab1T8IXgPk+Fp54Ilj7tvdJV/f2
NWC+1w9OJOiXv0Pd2IQlVQO8kuxoHQDa8WC7n0vudGsq+fkU+V2mi2pxps/Zpqb5
nJ1ypmIVvpplZAVC3J4lOnjrGbuvDB0/quCjRgXWy5XK6KMxS1YAVndmo0L+hlNv
chiENXSzQCfshsBrrczjfDVw5zMLeSDsVbXHAX1fJ3aB8RcElU4RLKyoW4aNtpRy
JMhIT5FnxcKEJDIujvAA0c5NmfiNnxF1tSppLpPmnZC7MH0dG+M=
=gl4R
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6734-2
April 29, 2024

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

USN-6734-1 fixed vulnerabilities in libvirt. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libvirt-daemon 10.0.0-2ubuntu8.1
libvirt-daemon-system 10.0.0-2ubuntu8.1
libvirt0 10.0.0-2ubuntu8.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6734-2
https://ubuntu.com/security/notices/USN-6734-1
CVE-2024-1441, CVE-2024-2494

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/10.0.0-2ubuntu8.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)