USN-6734-1: libvirt vulnerabilities
15 April 2024
Several security issues were fixed in libvirt.
Releases
Packages
- libvirt - Libvirt virtualization toolkit
Details
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
It was discovered that libvirt incorrectly handled detaching certain host
interfaces. An attacker could possibly use this issue to cause libvirt to
crash, resulting in a denial of service. (CVE-2024-2496)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
-
libvirt-daemon
-
9.6.0-1ubuntu1.1
-
libvirt-daemon-system
-
9.6.0-1ubuntu1.1
-
libvirt0
-
9.6.0-1ubuntu1.1
Ubuntu 22.04
-
libvirt-daemon
-
8.0.0-1ubuntu7.10
-
libvirt-daemon-system
-
8.0.0-1ubuntu7.10
-
libvirt0
-
8.0.0-1ubuntu7.10
Ubuntu 20.04
-
libvirt-daemon
-
6.0.0-0ubuntu8.19
-
libvirt-daemon-system
-
6.0.0-0ubuntu8.19
-
libvirt0
-
6.0.0-0ubuntu8.19
After a standard system update you need to reboot your computer to make all
the necessary changes.
References
Related notices
- USN-6734-2: libvirt-login-shell, libvirt-daemon-driver-xen, libvirt-daemon-driver-vbox, libvirt-doc, libvirt-daemon-system, libvirt, libvirt-daemon, libvirt-daemon-driver-storage-gluster, libvirt-clients, libvirt-daemon-system-systemd, libvirt-dev, libvirt-daemon-driver-storage-rbd, libvirt-daemon-driver-storage-zfs, libvirt-daemon-system-sysv, libvirt-daemon-config-nwfilter, libvirt-clients-qemu, libvirt-daemon-config-network, libvirt-daemon-driver-storage-iscsi-direct, libvirt-l10n, libvirt-sanlock, libnss-libvirt, libvirt0, libvirt-daemon-driver-qemu, libvirt-daemon-driver-lxc, libvirt-wireshark