摘要:
libvirt security update
安全等级: Medium
公告ID: KylinSec-SA-2024-3142
发布日期: 2024年4月19日
关联CVE: CVE-2024-1441 CVE-2024-2494
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.
Security Fix(es):
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-1441 | KY3.4-5A | libvirt | Fixed |
| CVE-2024-2494 | KY3.4-5A | libvirt | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| libvirt-wireshark | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-nwfilter | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-lock-sanlock | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-scsi | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-mpath | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-iscsi-direct | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-client | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-network | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-secret | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-admin | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-devel | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-qemu | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-docs | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-iscsi | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-disk | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-config-network | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-nodedev | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-qemu | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-gluster | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-libs | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-interface | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-nss | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-kvm | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-rbd | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-config-nwfilter | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-logical | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-bash-completion | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-core | x86_64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-qemu | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-rbd | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-config-network | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-admin | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-iscsi-direct | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-bash-completion | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-mpath | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-kvm | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-interface | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-logical | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-config-nwfilter | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-core | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-devel | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-gluster | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-secret | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-nss | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-docs | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-nodedev | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-libs | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-disk | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-qemu | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-nwfilter | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-client | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-lock-sanlock | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-scsi | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-network | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-wireshark | aarch64 | 6.2.0-25.kb1.ky3_4 |
| libvirt-daemon-driver-storage-iscsi | aarch64 | 6.2.0-25.kb1.ky3_4 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-storage-scsi
libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-interface
libvirt-daemon-driver-storage-rbd
libvirt-daemon-config-nwfilter
libvirt-daemon-driver-storage-logical
libvirt-daemon-driver-storage-core
libvirt-daemon-driver-storage-rbd
libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-interface
libvirt-daemon-driver-storage-logical
libvirt-daemon-config-nwfilter
libvirt-daemon-driver-storage-core
libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-nwfilter
