ROS-20240410-03

A vulnerability in the Libvirt virtualization management library is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2024-1441 affecting package libvirt for versions less than 7.10.0-8

CVE-2024-1441 affecting package libvirt for versions less than 7.10.0-8. A patched version of the package is available...

Mageia: Security Advisory (MGASA-2024-0114)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for libvirt (SUSE-SU-2024:1100-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1100-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1100-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1099-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1099-1 advisory. - An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when...

MGASA-2024-0114 Updated libvirt packages fix security vulnerability

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the gnew0 function results in a crash due to the negative length being...

Updated libvirt packages fix security vulnerability

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the gnew0 function results in a crash due to the negative length being...

SUSE-SU-2024:1100-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. bsc1221815 The following non-security bug was fixed: - Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap bsc1221749...

SUSE-SU-2024:1099-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. bsc1221815 - CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces bsc1221468. - CVE-2024-1441: Fix off-by-one error in...

Fedora: Security Advisory (FEDORA-2024-ebf015aa4e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2024:1083-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1083-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

NULL Pointer Dereference

Libvirt is vulnerable to NULL pointer dereference. The vulnerability is caused by a race condition due to the simultaneous detachment of a host interface while collecting the list of interfaces using the virConnectListAllInterfaces API. This race condition leads to a situation where the path...

SUSE-SU-2024:1083-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-2494: Fixed negative gnew0 length leading to unbounded memory allocation bsc1221815...

Denial Of Service (DoS)

Libvirt is vulnerable to Denial of ServiceDoS. The vulnerability is due to improper handling of negative array lengths during memory allocation. If an attacker can pass a negative length to the gnew0 function will usually result in a Denial of ServiceDoS...

Debian: Security Advisory (DLA-3778-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1078-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1078-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

[SECURITY] [DLA 3778-1] libvirt security update

Debian LTS Advisory DLA-3778-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 01, 2024 https://wiki.debian.org/LTS Package : libvirt Version : 5.0.0-4+deb10u2 CVE ID : CVE-2020-10703 CVE-2020-12430 CVE-2020-25637 CVE-2021-3631 CVE-2021-3667 CVE-2021-3975...

SUSE-SU-2024:1078-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-2494: Fixed negative gnew0 length can lead to unbounded memory allocation bsc1221815...

Libvirt: negative g_new0 length can lead to unbounded memory allocation

...