安全公告详情

NS-SA-2025-0225

2025-09-30 16:49:52

简介

moderate: tcl/libvirt security update

严重级别

moderate

主题

An update for tcl/libvirt is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

tcl:
libvirt:


Security Fix(es):
tcl: The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.(CVE-2007-4772)
tcl: bugfix
libvirt: A memory leak flaw was found in the libvirt API that is responsible for retrieving domain stats when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the `domstats` command, resulting in a potential denial of service.(CVE-2020-12430)
libvirt: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.01B6.

影响组件

  • tcl
  • libvirt

影响产品

  • CGSL MAIN 6.06

更新包

{"fix":[{"product":"CGSL MAIN 6.06","pkgs":[{"binary":["tcl-8.6.8-2.zncgsl6.x86_64.rpm","tcl-devel-8.6.8-2.zncgsl6.x86_64.rpm","tcl-doc-8.6.8-2.zncgsl6.noarch.rpm"],"source":"tcl-8.6.8-2.zncgsl6.src.rpm"},{"binary":["libvirt-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-admin-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-bash-completion-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-client-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-config-network-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-config-nwfilter-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-interface-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-network-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-nodedev-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-nwfilter-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-qemu-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-secret-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-scsi-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-rbd-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-mpath-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-logical-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-direct-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-iscsi-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-gluster-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-disk-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-driver-storage-core-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-daemon-kvm-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-devel-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-docs-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-libs-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-lock-sanlock-5.9.0-2.zncgsl6.t2.0.x86_64.rpm","libvirt-nss-5.9.0-2.zncgsl6.t2.0.x86_64.rpm"],"source":"libvirt-5.9.0-2.zncgsl6.t2.0.src.rpm"}]}]}

CVE

参考