Mageia Advisory: MGASA-2024-0114 - Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability

Publication date: 06 Apr 2024
Modification date: 06 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2494

Description

A flaw was found in the RPC library APIs of libvirt. The RPC server
deserialization code allocates memory for arrays before the non-negative
length check is performed by the C API entry points. Passing a negative
length to the g_new0 function results in a crash due to the negative
length being treated as a huge positive number. This flaw allows a
local, unprivileged user to perform a denial of service attack by
causing the libvirt daemon to crash. (CVE-2024-2494)

References

https://bugs.mageia.org/show_bug.cgi?id=33047
https://lwn.net/Articles/967956/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2494

SRPMS

9/core

libvirt-9.6.0-1.1.mga9

Advisories » MGASA-2024-0114

Updated libvirt packages fix security vulnerability

Description

References

SRPMS

9/core