Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...

Fedora 40 : libvirt-sandbox (2024-ebf015aa4e)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ebf015aa4e advisory. rebuild to ensure vulnerable xz isn't statically linked Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

ROS-20240423-02

Vulnerability of gnew0 function of Libvirt virtualization management library is related to incorrect checking of negative array length before memory allocation. checking for negative array length before allocating memory. Exploitation of the vulnerability could allow an attacker to cause a denial...

ROS-20240423-11

A vulnerability in the Libvirt virtualization management daemon is related to memory re-release. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. integrity, and cause a denial of service...

Medium: libvirt

Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...

Medium: libvirt

Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...

Amazon Linux 2 : libvirt (ALAS-2024-2513)

The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2513 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces...

Critical Photon OS Security Update - PHSA-2024-4.0-0592

Updates of 'wireshark', 'openssl', 'ruby', 'libvirt', 'suricata', 'linux-secure', 'linux-aws', 'linux', 'linux-rt' packages of Photon OS have been released...

Moderate Photon OS Security Update - PHSA-2024-3.0-0749

Updates of 'libvirt', 'linux' packages of Photon OS have been released...

Ubuntu: Security Advisory (USN-6734-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6734-1 libvirt vulnerabilities

Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. CVE-2024-1441 It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker cou...

USN-6734-1: libvirt vulnerabilities

Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. CVE-2024-1441 It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker cou...

ROS-20240415-02

Vulnerability of udevListInterfacesByStatus function in module src/interface/interfacebackendudev.c of libvirt library is caused by an off-by-one error. module of the libvirt library has an off-by-one error. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Important Photon OS Security Update - PHSA-2024-5.0-0246

Updates of 'libvirt', 'suricata' packages of Photon OS have been released...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : libvirt vulnerabilities (USN-6734-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-1 advisory. Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause...

OESA-2024-1391 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: An off-by-one error flaw was found in the udevListInterfacesByStatus function in...

The vulnerability of the virStoragePoolObjListSearch function in the virtualization management library Libvirt allows a attacker to trigger a service failure.

The vulnerability of the virStoragePoolObjListSearch function in the Libvirt management library arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

The vulnerability of the virPCIVirtualFunctionList function in the virtualization management library Libvirt allows a attacker to trigger a service failure.

The vulnerability of the virPCIVirtualFunctionList function in the virtualization management library Libvirt is related to improper memory release before deleting the last reference. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the udevListInterfacesByStatus() function in the libvirt library, which allows a hacker to trigger a service failure

The vulnerability of the udevListInterfacesByStatus function in the src/interface/interfacebackendudev.c module of the libvirt library is related to an off-by-one error. Exploiting this vulnerability could allow an attacker to trigger a service failure...

ROS-20240410-03

A vulnerability in the Libvirt virtualization management library is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...