安全公告详情

NS-SA-2025-0071

2025-05-28 09:42:09

简介

moderate: libvirt/libvpx security update

严重级别

moderate

主题

An update for libvirt/libvpx is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

libvirt:
libvpx:


Security Fix(es):
libvirt: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)
libvirt: A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)
libvirt: bugfix
libvpx: A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of values are invalid, leading to integer overflows during memory allocation procedures. A successful full attack leads to the targeted application crashing, resulting in a denial of service or memory corruption, which results in data integrity issues.(CVE-2024-5197)
libvpx: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.

影响组件

  • libvirt
  • libvpx

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["libvirt-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-client-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-common-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-config-network-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-config-nwfilter-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-interface-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-interfaceneo-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-network-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-nodedev-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-nwfilter-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-qemu-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-qemu-impl-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-qemu-neo-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-secret-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-core-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-disk-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-gluster-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-direct-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-logical-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-mpath-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-driver-storage-scsi-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-kvm-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-lock-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-log-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-neo-frontend-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-plugin-lockd-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-plugin-sanlock-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-daemon-proxy-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-devel-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-docs-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-libs-9.10.0-3.zncgsl7.103.x86_64.rpm","libvirt-nss-9.10.0-3.zncgsl7.103.x86_64.rpm"],"source":"libvirt-9.10.0-3.zncgsl7.103.src.rpm"},{"binary":["libvpx-1.12.0-3.zncgsl7.4.x86_64.rpm"],"source":"libvpx-1.12.0-3.zncgsl7.4.src.rpm"}]}]}
CGSL MAIN 7.02
  • libvirt-9.10.0-3.zncgsl7.103.src.rpm
    • libvirt-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-client-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-common-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-config-network-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-config-nwfilter-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-interface-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-interfaceneo-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-network-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-nodedev-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-nwfilter-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-qemu-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-qemu-impl-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-qemu-neo-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-secret-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-core-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-disk-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-gluster-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-iscsi-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-iscsi-direct-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-logical-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-mpath-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-driver-storage-scsi-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-kvm-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-lock-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-log-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-neo-frontend-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-plugin-lockd-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-plugin-sanlock-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-daemon-proxy-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-devel-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-docs-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-libs-9.10.0-3.zncgsl7.103.x86_64.rpm
    • libvirt-nss-9.10.0-3.zncgsl7.103.x86_64.rpm
  • libvpx-1.12.0-3.zncgsl7.4.src.rpm
    • libvpx-1.12.0-3.zncgsl7.4.x86_64.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108