Gentoo alert 202412-16 (libvirt)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202412-16 ] libvirt: Multiple Vulnerabilities | |
| Date: | Wed, 11 Dec 2024 08:41:16 -0000 | |
| Message-ID: | <173390647655.7.4966886962814383354@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202412-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libvirt: Multiple Vulnerabilities Date: December 11, 2024 Bugs: #908042, #916497, #929966 ID: 202412-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in libvirt, the worst of which could lead to a denial of service. Background ========== libvirt is a C toolkit for manipulating virtual machines. Affected packages ================= Package Vulnerable Unaffected --------------------- ------------ ------------ app-emulation/libvirt < 10.2.0 >= 10.2.0 Description =========== Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libvirt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-10.2.0" References ========== [ 1 ] CVE-2023-2700 https://nvd.nist.gov/vuln/detail/CVE-2023-2700 [ 2 ] CVE-2023-3750 https://nvd.nist.gov/vuln/detail/CVE-2023-3750 [ 3 ] CVE-2024-2494 https://nvd.nist.gov/vuln/detail/CVE-2024-2494 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202412-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmdZUCwACgkQFMQkOaVy +9nNcw/+PF9R4/muzelI/dsQORs8Fffm7mVvC9WnsrD3BXRToU3EzqLcZ4KPS380 Sr1jQj+wvhiQ4Cugr8VrheNi1/CDcZEXssnTJyEigZEtueLisUADUQR1aQNlifQd CD6ytm36NMsk7ib01RWVufct1e0UGS8fnq5Gjc6WlQX+nurlQ0HIhcdQNNL5p4mE b+3enInuC/03OtPBsCZK5nkBoQu1+Ms2bldAp9H5ZK/oaxJJU811eBtK8zy7UrQH IyCh0K4nTVmHb7CJv30tamPLGe9JMBy2ezobM04yDmfsIVSn4e2BkOIhszdvL+ua BgdF5oyiNCgN7B2yUNZCF+wBlmjFDKv+xMX50J+dWfnJkVPdcbVDRxqO4zoa59Yw qVPLcNWLj04IW9P/LPLV3CH5yJgUvZce/DjyJ+/VaL7JxO7Ymdp8H5g+wBl0hgZb fppBgjrninN1m7ISgAad83H3QsZtE5B9zQnN2s3UC1T9F0UrZcAzArM3anUQyH8s G3iM3nQosREcOpCdzZX+lpwV1xEJBZpXkZZX94iV0xXPIJIQQPkMvIuJmuEtYFwD sdGsIg2JdBkFmqvOJhoLKh8hCzd4cYxonPf0XRHDN6ti/QXBhO9MhLYyTSrvcSU/ aPlsyYIvPrfNDBAqwTlA5n1HrumJRdpGSxM4HhEJTNtgiSUWb5g= =m6eu -----END PGP SIGNATURE-----