USN-6734-1: libvirt vulnerabilities
15 April 2024
Several security issues were fixed in libvirt.
Releases
Packages
- libvirt - Libvirt virtualization toolkit
Details
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
It was discovered that libvirt incorrectly handled detaching certain host
interfaces. An attacker could possibly use this issue to cause libvirt to
crash, resulting in a denial of service. (CVE-2024-2496)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
-
libvirt-daemon
-
9.6.0-1ubuntu1.1
-
libvirt-daemon-system
-
9.6.0-1ubuntu1.1
-
libvirt0
-
9.6.0-1ubuntu1.1
Ubuntu 22.04
-
libvirt-daemon
-
8.0.0-1ubuntu7.10
-
libvirt-daemon-system
-
8.0.0-1ubuntu7.10
-
libvirt0
-
8.0.0-1ubuntu7.10
Ubuntu 20.04
-
libvirt-daemon
-
6.0.0-0ubuntu8.19
-
libvirt-daemon-system
-
6.0.0-0ubuntu8.19
-
libvirt0
-
6.0.0-0ubuntu8.19
After a standard system update you need to reboot your computer to make all
the necessary changes.