RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2021:1762)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1762 advisory. libvirt: double free in qemuAgentGetInterfaces in qemuagent.c CVE-2020-25637 QEMU: heap buffer overflow in msixtablemmiowrite in hw/pci/msix.c...

Rocky Linux 9 : libvirt (RLSA-2022:8003)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8003 advisory. - A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilters mutex before iterating over...

ALSA-2023:6409 Moderate: libvirt security, bug fix, and enhancement update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version:...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2021:4191)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4191 advisory. - QEMU 4.2.0 has a use-after-free in hw/net/e1000ecore.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e'...

RHEL 9 : libvirt (RHSA-2023:6409)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6409 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...

Moderate: libvirt security, bug fix, and enhancement update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version:...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:3822)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3822 advisory. - A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caus...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2022:7472)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7472 advisory. - A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 including. It could occur in fdctrltransferhandler in hw/block/fdc.c...

kvm_utils2 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt 7.10.0-3.el8 - virpci: Resolve leak in virPCIVirtualFunctionList cleanup Tim Shearer Orabug: 35395469 CVE-2023-2700 libvirt-dbus libvirt-python 7.10.0-3.el8 - Update version number to match libvirt 7.10.0-3 Karl Heubaum nbdkit...

Oracle Linux 8 : kvm_utils2 (ELSA-2023-12924)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12924 advisory. - virpci: Resolve leak in virPCIVirtualFunctionList cleanup Tim Shearer Orabug: 35395469 CVE-2023-2700 libvirt-dbus libvirt-python Tenable has extracted the...

Denial Of Service (DoS)

libvirt is vulnerable to Denial of service . This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's gautoptr cleanup...

Oracle Linux 8 : kvm_utils3 (ELSA-2023-12855)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12855 advisory. - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in...

Important Photon OS Security Update - PHSA-2023-4.0-0469

Updates of 'libvirt', 'libxml2', 'linux', 'redis', 'mozjs' packages of Photon OS have been released...

Oracle Linux 7 : libvirt (ELSA-2019-2294)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2294 advisory. - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161 - api: disallow virDomainManagedSaveDefineXML on read-only connections...

Oracle Linux 7 : libvirt (ELSA-2019-4687)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4687 advisory. - logging: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - locking: restrict sockets to mode 0600 Daniel P. Berrange Orabug:...

Oracle Linux 7 : libvirt (ELSA-2019-4688)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4688 advisory. - logging: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - locking: restrict sockets to mode 0600 Daniel P. Berrange Orabug:...

Oracle Linux 7 : libvirt (ELSA-2020-5720)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5720 advisory. 5.7.0-15.el7 - qemu: Escape the qemu driver systemd DOT hoax Wim ten Have Orabug: 31380815 5.7.0-14.el7 - vmx: make 'fileName' optional for CD-ROMs Pino Toscano...

Oracle Linux 7 : libvirt (ELSA-2020-4000)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4000 advisory. - qemu: dont take agent and monitor job for shutdown CVE-2019-20485 - qemu: dont hold a monitor and agent job for reboot CVE-2019-20485 - qemu: dont ho...

Oracle Linux 7 : libvirt (ELSA-2020-5674)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5674 advisory. - qemu: don't hold both jobs for suspend Jonathon Jongsma Orabug: 31073098 CVE-2019-20485 Tenable has extracted the preceding description block directly from th...

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2020-4676)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4676 advisory. - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 - qemu/qemudriver.c in libvirt before 6.0.0...