virt:rhel and virt-devel:rhel security and enhancement update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

virt:rhel and virt-devel:rhel security update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3253 advisory. libvirt: negative gnew0 length can lead to unbounded memory allocation CVE-2024-2494 Tenable has extracted the preceding description block directly from the Rock...

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt 5.7.0-42 - Document CVEs as fixed Karl Heubaum CVE-2023-2700 - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364474 CVE-2024-1441 - libvirt- : Check caller-provided buffers to be NULL with size 0 Erik...

CVE-2024-4418 affecting package libvirt for versions less than 7.10.0-10

CVE-2024-4418 affecting package libvirt for versions less than 7.10.0-10. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2024:1962-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: libvirt-10.1.0-2.fc40

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...

Fedora: Security Advisory (FEDORA-2024-ee96e0c470)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : libvirt (2024-ee96e0c470)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ee96e0c470 advisory. Fix crash in event loop CVE-2024-4418 Fix leak of GSource object Fix leak of udev object reference Tenable has extracted the preceding description...

SUSE-SU-2024:1962-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event loop. bsc1223849...

The vulnerability of the virNetClientIOEventLoop() method in the virtualization management library Libvirt allows a attacker to gain unauthorized access to virtproxyd without authentication.

The vulnerability of the virNetClientIOEventLoop method in the virtualization management library Libvirt is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to gain unauthorized access to virtproxyd without authentication...

ROS-20240607-04

Vulnerability of the virNetClientIOEventLoop method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop in the virNetClientIOEventLoop method virNetClientIOIOEventData. Exploitation of the vulnerability...

Moderate Photon OS Security Update - PHSA-2024-4.0-0625

Updates of 'libvirt' packages of Photon OS have been released...

Moderate Photon OS Security Update - PHSA-2024-5.0-0286

Updates of 'libvirt' packages of Photon OS have been released...

Oracle Linux 9 : libvirt (ELSA-2024-12406)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12406 advisory. - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364464 CVE-2024-1441 libvirt-python Tenable has extracted the preceding...

Advisory ROSA-SA-2024-2430

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux M...

RHEL 5 : dnsmasq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks CVE-2012-3411 - dnsmasq:...

RHEL 6 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt: Setting empty VNC password allows access to unauthorized users CVE-2016-5008 - libvirt: TLS...

RHEL 5 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt: TLS certificate verification disabled for clients CVE-2017-1000256 - Multiple race conditions in...

RHEL 8 : 8.1_libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt: double free in qemuAgentGetInterfaces in qemuagent.c CVE-2020-25637 - An issue was discovered in...