Home » libvirt vulnerability: The vulnerability allows a denial of service

libvirt vulnerability: The vulnerability allows a denial of service

by admin
libvirt vulnerability: The vulnerability allows a denial of service

The safety warning issued for libvirt has acquired an replace from BSI. You can learn the way affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) revealed an replace on June 4, 2024 for the libvirt safety vulnerability recognized on March 11, 2024. The safety vulnerability impacts the Linux working system and merchandise Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, EMC Avamar, Open Source libvirt and Dell NetWorker.

The newest producer suggestions relating to updates, workarounds and safety patches for this vulnerability might be discovered right here: Oracle Linux Security Advisory ELSA-2024-12406 (As of June 4, 2024). Some helpful sources are listed later on this article.

libvirt safety advisory – Risk: medium

Risk stage: 3 (average)
CVSS Base Score: 5.5
CVSS provisional rating: 4.8
Remote assault: No

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS commonplace makes it attainable to match potential or precise safety dangers primarily based on numerous metrics to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally have in mind modifications over time within the danger state of affairs. According to CVSS, the severity of the present vulnerability is rated as “average” with 5.5 foundation factors.

See also  14.5-inch Lenovo Slim 7 Pro X with AMD Ryzen 9 6900HS 8-core processor and up to 9 hours of battery life

libvirt Bug: A vulnerability allows a denial of service

Libvirt is a library that gives interfaces and virtualization features for Linux and gives instruments for managing digital techniques.

An area attacker may exploit a vulnerability in libvirt to carry out a denial of service assault.

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-1441 on the market.

Systems affected by the libvirt safety vulnerability at a look

working system
Linux

Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
EMC Avamar (cpe:/a:emc:avamar)
Open supply libvirt Dell NetWorker digital (cpe:/a:dell:networker)

General suggestions for addressing IT safety gaps

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This typically accommodates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
  3. If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test the required sources to see if a brand new safety replace is offered.

Manufacturer details about updates, patches and workarounds

Here you’ll discover some hyperlinks with details about bug studies, safety fixes and workarounds.

Oracle Linux Security Advisory ELSA-2024-12406 vom 2024-06-04 (04.06.2024)
For extra data, see:

Dell Security Advisory DSA-2024-198 vom 2024-05-08 (07.05.2024)
For extra data, see:

See also  Greentech Index: Indien - TechFieber Greentech Live

Oracle Linux Security Advisory ELSA-2024-2560 vom 2024-05-07 (07.05.2024)
For extra data, see:

Red Hat Security Advisory RHSA-2024:2560 vom 2024-04-30 (01.05.2024)
For extra data, see:

Ubuntu Security Notice USN-6734-2 vom 2024-04-29 (29.04.2024)
For extra data, see:

Amazon Linux Security Advisory ALAS-2024-2513 vom 2024-04-18 (17.04.2024)
For extra data, see:

Ubuntu Security Notice USN-6734-1 vom 2024-04-15 (15.04.2024)
For extra data, see:

Oracle Linux Security Advisory ELSA-2024-12276 vom 2024-04-10 (10.04.2024)
For extra data, see:

SUSE Security Update SUSE-SU-2024:1099-1 vom 2024-04-08 (08.04.2024)
For extra data, see:

Debian Security Advisory DLA-3778 vom 2024-04-01 (01.04.2024)
For extra data, see:

SUSE Security Update SUSE-SU-2024:1005-1 vom 2024-03-27 (27.03.2024)
For extra data, see:

Fedora Security Advisory FEDORA-2024-1A59230214 vom 2024-03-12 (12.03.2024)
For extra data, see:

Fedora Security Advisory FEDORA-2024-D96CDEB8EC vom 2024-03-12 (12.03.2024)
For extra data, see:

RedHat Customer Portal vom 2024-03-11 (11.03.2024)
For extra data, see:

GitHub Advisory Database vom 2024-03-11 (11.03.2024)
For extra data, see:

Version historical past of this safety alert

This is model 12 of this libvirt IT safety discover. If additional updates are introduced, this doc shall be up to date. You can see the modifications made utilizing the model historical past under.

March 11, 2024 – First model
03/12/2024 – New updates from Fedora added
03/27/2024 – New updates from SUSE added
April 1, 2024 – New updates from Debian added
04/08/2024 – New updates from SUSE added
April 10, 2024 – New updates for Oracle Linux have been added
April 15, 2024 – Added new character updates
April 17, 2024 – Added new updates from Amazon
April 29, 2024 – Added new character updates
May 1, 2024 – New updates from Red Hat added
May 7, 2024 – Added new updates from Oracle Linux and Dell
June 4, 2024 – New Oracle Linux updates added

See also  Ingenuity to build a dream, taste the legend, Samsung W23 opens a new "vision" field of folding screen_TOM

+++ Editorial observe: This doc is predicated on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover scorching information, present movies and a direct line to the editorial staff.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy