An IT safety alert replace for identified vulnerabilities has been issued for libvirt. You can learn an outline of the safety hole together with the newest updates and details about affected working techniques and merchandise right here.
Federal workplace for Security in Information Technology (BSI) printed an replace on May 21, 2024 for the libvirt safety vulnerability identified on March 21, 2024. The safety vulnerability impacts the Linux working system and merchandise Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle Linux and the open supply libvirt.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3253 (From 22 May 2024). Some helpful sources are listed later on this article.
libvirt safety advisory – Risk: medium
Risk degree: 3 (average)
CVSS Base Score: 5.5
CVSS provisional rating: 4.8
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS commonplace makes it doable to check potential or precise safety dangers primarily based on numerous metrics as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For non permanent impact, body circumstances which will change over time are thought of within the check. The severity of the vulnerability talked about right here is classed as “average” in response to the CVSS with a base rating of 5.5.
libvirt Bug: A vulnerability permits a denial of service
Libvirt is a library that gives interfaces and features for Linux virtualization and supplies instruments for managing digital techniques.
An area attacker may exploit a vulnerability in libvirt to carry out a denial of service assault.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-2494 on the market.
Systems affected by the libvirt safety vulnerability at a look
working system
Linux
Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Open supply libvirt (cpe:/a:redhat:libvirt)
General suggestions for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually incorporates extra details about the newest model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually examine the desired sources to see if a brand new safety replace is on the market.
Sources for updates, patches and workarounds
Here you will see that some hyperlinks with details about bug studies, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3253 vom 2024-05-22 (21.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2560 vom 2024-05-07 (07.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2560 vom 2024-04-30 (01.05.2024)
For extra info, see:
Ubuntu Security Notice USN-6734-2 vom 2024-04-29 (29.04.2024)
For extra info, see:
Amazon Linux Security Advisory ALAS-2024-2513 vom 2024-04-18 (17.04.2024)
For extra info, see:
Ubuntu Security Notice USN-6734-1 vom 2024-04-15 (15.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1099-1 vom 2024-04-08 (08.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1100-1 vom 2024-04-08 (08.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1083-1 vom 2024-04-02 (01.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1078-1 vom 2024-04-01 (01.04.2024)
For extra info, see:
Debian Security Advisory DLA-3778 vom 2024-04-01 (01.04.2024)
For extra info, see:
GitHub Advisory Database vom 2024-03-21 (21.03.2024)
For extra info, see:
Version historical past of this safety alert
This is model 9 of this libvirt IT safety discover. If additional updates are introduced, this doc will probably be up to date. You can see the adjustments made utilizing the model historical past under.
March 21, 2024 – First model
April 1, 2024 – New updates from Debian and SUSE added
April 8, 2024 – New updates from SUSE added
April 15, 2024 – Added new persona updates
April 17, 2024 – Added new updates from Amazon
April 29, 2024 – Added new persona updates
May 1, 2024 – New updates from Red Hat added
May 7, 2024 – New Oracle Linux updates added
May 21, 2024 – New updates from Red Hat added
+++ Editorial be aware: This doc is predicated on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de