USN-6734-2: libvirt vulnerabilities
29 April 2024
Several security issues were fixed in libvirt.
Releases
Packages
- libvirt - Libvirt virtualization toolkit
Details
USN-6734-1 fixed vulnerabilities in libvirt. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
-
libvirt-daemon
-
10.0.0-2ubuntu8.1
-
libvirt-daemon-system
-
10.0.0-2ubuntu8.1
-
libvirt0
-
10.0.0-2ubuntu8.1
After a standard system update you need to reboot your computer to make all
the necessary changes.