摘要:
libvirt security update
安全等级: Medium
公告ID: KylinSec-SA-2024-4789
发布日期: 2025年2月17日
关联CVE: CVE-2024-4418
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.
Security Fix(es):
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.(CVE-2024-4418)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-4418 | V6 | libvirt | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| libvirt-daemon-plugin-lockd | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-secret | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-config-network | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-libs | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-log | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-iscsi-direct | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-nwfilter | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-network | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-client | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-logical | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-iscsi | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-mpath | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-nodedev | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-proxy | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-lock | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-common | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-qemu | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-config-nwfilter | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-scsi | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-qemu | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-interface | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-rbd | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-gluster | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-kvm | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-core | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-devel | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-wireshark | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-plugin-sanlock | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-disk | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-docs | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt-nss | x86_64 | 9.10.0-11.ks6.kb2 |
| libvirt | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-config-nwfilter | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-qemu | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-interface | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-iscsi-direct | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-devel | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-nss | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-plugin-sanlock | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-wireshark | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-nodedev | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-lock | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-disk | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-gluster | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-libs | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-core | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-network | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-nwfilter | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-config-network | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-log | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-client | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-secret | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-proxy | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-docs | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-plugin-lockd | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-kvm | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-common | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-iscsi | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-mpath | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-rbd | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-qemu | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-scsi | aarch64 | 9.10.0-11.ks6.kb2 |
| libvirt-daemon-driver-storage-logical | aarch64 | 9.10.0-11.ks6.kb2 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-storage-logical
libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-mpath
libvirt-daemon-config-nwfilter
libvirt-daemon-driver-storage-scsi
libvirt-daemon-driver-interface
libvirt-daemon-driver-storage-rbd
libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-core
libvirt-daemon-driver-storage-disk
libvirt-daemon-config-nwfilter
libvirt-daemon-driver-interface
libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-core
libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd
