libvirt: Denial of service in XML parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

Moderate: Red Hat Security Advisory: libvirt security update

An update for libvirt is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

ALSA-2026:18326 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

ALSA-2026:18748 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

RHEL 10 : libvirt (RHSA-2026:18326)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18326 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains...

RHEL 9 : libvirt (RHSA-2026:18748)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18748 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains...

Astra Linux – Vulnerability in libvirt

A vulnerability was discovered in libvirt. This security flaw occurs due to repeated queries of the capabilities of an SR-IOV PCI device, which leads to a memory leak caused by failure to free the virPCIVirtualFunction array within the parent struct’s gautoptr cleanup...

Astra Linux – Vulnerability in libvirt

qemu/qemudriver.c in libvirt before version 6.0.0 improperly handles the handling of a monitor job during a query to a guest agent. This allows attackers to cause a denial of service API blockage...

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, leading to a race condition and a denial of service when attempting to lock the same object from another thread. This issue could cause clients connecting to the read-only socket ...

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt during its generation of SELinux MCS category pairs for virtual machines’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breach of sVirt confinement. The greatest threat posed by this vulnerability...

Astra Linux – Vulnerability in libvirt

A NULL pointer dereference was detected in the libvirt API, which was introduced in the upstream version 3.10.0 and fixed in libvirt 6.0.0. This issue relates to the retrieval of a storage pool based on its target path. More specifically, this flaw affects storage pools created without a target...

Security update for wireshark

This update for wireshark fixes the following issues: Update Wireshark to version 4.6.4 jscPED-15400. CVE-2024-9780: ITS dissector crash bsc1231475. CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash bsc1231476. CVE-2024-11595: Loop with Unreachable Exit Condition 'Infinite Loop' in...

SUSE-SU-2026:1169-1 Security update for wireshark

This update for wireshark fixes the following issues: Update Wireshark to version 4.6.4 jscPED-15400. - CVE-2024-9780: ITS dissector crash bsc1231475. - CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash bsc1231476. - CVE-2024-11595: Loop with Unreachable Exit Condition 'Infinite Loop' i...

Oracle Linux 8 : virt:ol / and / virt-devel:ol (ELSA-2026-5578)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5578 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 libguestfs - Fixes: CVE-2022-40284 - Fix CVE-2024-7383 NBD server improper certificate...

PT-2026-28315

Name of the Vulnerable Software and Affected Versions Foreman versions prior to 3.16.3 Foreman versions prior to 3.17.2 Foreman versions prior to 3.18.1 Description A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...

virt:ol and virt-devel:ol security update

hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 libguestfs 1.44.0-9.0.2 - libguestfs.spec: Add btrfs-progs RPM to appliance Orabug: 35634755 libguestfs-winsupport 8.10-1 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236373 libiscsi...

Debian: Security Advisory (DLA-4504-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4504-1] libvirt security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4504-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 20, 2026 https://wiki.debian.org/LTS -...

DLA-4504-1 libvirt - security update

Bulletin has no description...