USN-6734-2: libvirt vulnerabilities
29 April 2024
Several security issues were fixed in libvirt.
Releases
Packages
- libvirt - Libvirt virtualization toolkit
Details
USN-6734-1 fixed vulnerabilities in libvirt. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
-
libvirt-daemon
-
10.0.0-2ubuntu8.1
-
libvirt-daemon-system
-
10.0.0-2ubuntu8.1
-
libvirt0
-
10.0.0-2ubuntu8.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
References
Related notices
- USN-6734-1: libvirt-daemon-driver-storage-zfs, libvirt-daemon-config-network, libvirt-clients, libvirt-l10n, libvirt-sanlock, libvirt-daemon-driver-storage-rbd, libvirt-doc, libvirt0, libvirt-daemon-driver-storage-iscsi-direct, libvirt-daemon, libnss-libvirt, libvirt-wireshark, libvirt-dev, libvirt-daemon-driver-xen, libvirt-daemon-driver-qemu, libvirt-daemon-system-sysv, libvirt, libvirt-daemon-system, libvirt-clients-qemu, libvirt-daemon-driver-storage-gluster, libvirt-daemon-config-nwfilter, libvirt-login-shell, libvirt-daemon-system-systemd, libvirt-daemon-driver-lxc, libvirt-daemon-driver-vbox