RLSA-2024:2560

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:2560.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:2560
Related
Published
2024-05-10T14:32:38.114770Z
Modified
2024-05-10T14:34:23.243843Z
Summary
Moderate: libvirt security and bug fix update
Details

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fixes:

  • libvirt: off-by-one error in udevListInterfacesByStatus() (CVE-2024-1441)

  • libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes:

  • libvirt: off-by-one error in udevListInterfacesByStatus() [rhel-9] (JIRA:Rocky Linux-25081)

  • libvirt: negative g_new0 length can lead to unbounded memory allocation [rhel-9] (JIRA:Rocky Linux-29515)

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / libvirt

Package

Name
libvirt
Purl
pkg:rpm/rocky-linux/libvirt?distro=rocky-linux-9&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:10.0.0-6.2.el9_4