NS-SA-2025-0189
2025-07-25 16:49:52
简介
moderate: libvirt security update
严重级别
moderate
主题
An update for libvirt is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
详细描述
libvirt:
Security Fix(es):
libvirt: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)
libvirt: A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)
libvirt: A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.(CVE-2024-4418)
libvirt: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.
影响组件
影响产品
更新包
{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["libvirt-docs-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-proxy-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-plugin-lockd-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-neo-frontend-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-log-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-lock-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-scsi-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-logical-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-nss-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-mpath-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-kvm-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-direct-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-devel-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-gluster-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-disk-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-core-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-plugin-sanlock-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-storage-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-secret-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-qemu-neo-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-qemu-impl-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-qemu-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-nwfilter-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-nodedev-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-network-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-interface-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-driver-interfaceneo-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-config-nwfilter-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-config-network-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-common-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-daemon-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-client-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-9.10.0-3.zncgsl7.110.x86_64.rpm","libvirt-libs-9.10.0-3.zncgsl7.110.x86_64.rpm"],"source":"libvirt-9.10.0-3.zncgsl7.110.src.rpm"}]}]}
CVE
参考