MiracleLinux 7 : libvirt-4.5.0-10.el7.12 (AXSA:2019-3912:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3912:08 advisory. libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 libvirt: virDomainManagedSaveDefineXML API exposed to readonly...

MiracleLinux 3 : libvirt-0.6.3-33.3.0.1.AXS3 (AXSA:2010-411:04)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-411:04 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. Security issues fixed with this...

NewStart CGSL MAIN 7.02 : libvirt Multiple Vulnerabilities (NS-SA-2025-0189)

The remote NewStart CGSL host, running version MAIN 7.02, has libvirt packages installed that are affected by multiple vulnerabilities: - A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer t...

TencentOS Server 4: libvirt (TSSA-2024:0363)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0363 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

NewStart CGSL MAIN 7.02 : libvirt Multiple Vulnerabilities (NS-SA-2025-0071)

The remote NewStart CGSL host, running version MAIN 7.02, has libvirt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is...

GLSA-202412-16 : libvirt: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202412-16 libvirt: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

libvirt: Multiple Vulnerabilities

Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

Oracle Linux 9 : libvirt (ELSA-2024-9128)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9128 advisory. - udevListInterfaces: Honour array length for zero-length NULL arrays CVE-2024-8235 CVE-2024-8235, RHEL-55373 - Fix off-by-one error in udevListInterfacesByStat...

Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...

SUSE-SU-2024:1099-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. bsc1221815 - CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces bsc1221468. - CVE-2024-1441: Fix off-by-one error in...

Ubuntu 18.04 LTS / 20.04 LTS : libvirt vulnerabilities (USN-5399-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5399-1 advisory. It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvir...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2022:0041-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0041-1 advisory. - A use-after-free flaw was found in libvirt. The qemuMonitorUnregister function in qemuProcessHandleMonitorEOF is called using...

SUSE SLES11 Security Update : libvirt (SUSE-SU-2019:14097-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14097-1 advisory. - It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API,...

Vulnerabilities fixed in QEMU and libvirt

Vulnerabilities have been fixed in QEMU and libvirt. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges -= Red Hat =- Red Hat...

Vulnerabilities fixed in libvirt

Vulnerabilities have been fixed in libvirt. The vulnerabilities allow a local malicious person to obtain elevated privileges obtain or perform a denial-of-service attack. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix the vulnerability in SUSE 15. You can...

SUSE-SU-2020:2969-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. - libxl: Fixed lock manager lock ordering bsc1171701...

SUSE-SU-2019:2227-2 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

SUSE-SU-2019:2105-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

SUSE-SU-2019:14097-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

SUSE-SU-2018:0861-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' var2 bsc1079869. - CVE-2018-6764: Fixed guest executable code injection via libnssdns.so loaded by libvirtlxc before init bsc1080042. -...