From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 182C41581F0 for ; Wed, 11 Dec 2024 08:42:57 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 19300E0992; Wed, 11 Dec 2024 08:41:39 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4477FE0961 for ; Wed, 11 Dec 2024 08:41:17 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.178]) by smtp.gentoo.org (Postfix) with ESMTP id 9FF50335DC0 for ; Wed, 11 Dec 2024 08:41:16 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id 87481C7705 for ; Wed, 11 Dec 2024 08:41:16 +0000 (UTC) Subject: [gentoo-announce] [ GLSA 202412-16 ] libvirt: Multiple Vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============3519504331611232423==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Wed, 11 Dec 2024 08:41:16 -0000 Message-ID: <173390647655.7.4966886962814383354@3f85d36892cf> X-Archives-Salt: 05b194ae-6e59-4347-8ef1-b53b6eabd064 X-Archives-Hash: 1d4571fa1a888531630059f3532b5129 --===============3519504331611232423== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202412-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libvirt: Multiple Vulnerabilities Date: December 11, 2024 Bugs: #908042, #916497, #929966 ID: 202412-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in libvirt, the worst of which could lead to a denial of service. Background ========== libvirt is a C toolkit for manipulating virtual machines. Affected packages ================= Package Vulnerable Unaffected --------------------- ------------ ------------ app-emulation/libvirt < 10.2.0 >= 10.2.0 Description =========== Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libvirt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-10.2.0" References ========== [ 1 ] CVE-2023-2700 https://nvd.nist.gov/vuln/detail/CVE-2023-2700 [ 2 ] CVE-2023-3750 https://nvd.nist.gov/vuln/detail/CVE-2023-3750 [ 3 ] CVE-2024-2494 https://nvd.nist.gov/vuln/detail/CVE-2024-2494 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202412-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============3519504331611232423== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmdZUCwACgkQFMQkOaVy +9nNcw/+PF9R4/muzelI/dsQORs8Fffm7mVvC9WnsrD3BXRToU3EzqLcZ4KPS380 Sr1jQj+wvhiQ4Cugr8VrheNi1/CDcZEXssnTJyEigZEtueLisUADUQR1aQNlifQd CD6ytm36NMsk7ib01RWVufct1e0UGS8fnq5Gjc6WlQX+nurlQ0HIhcdQNNL5p4mE b+3enInuC/03OtPBsCZK5nkBoQu1+Ms2bldAp9H5ZK/oaxJJU811eBtK8zy7UrQH IyCh0K4nTVmHb7CJv30tamPLGe9JMBy2ezobM04yDmfsIVSn4e2BkOIhszdvL+ua BgdF5oyiNCgN7B2yUNZCF+wBlmjFDKv+xMX50J+dWfnJkVPdcbVDRxqO4zoa59Yw qVPLcNWLj04IW9P/LPLV3CH5yJgUvZce/DjyJ+/VaL7JxO7Ymdp8H5g+wBl0hgZb fppBgjrninN1m7ISgAad83H3QsZtE5B9zQnN2s3UC1T9F0UrZcAzArM3anUQyH8s G3iM3nQosREcOpCdzZX+lpwV1xEJBZpXkZZX94iV0xXPIJIQQPkMvIuJmuEtYFwD sdGsIg2JdBkFmqvOJhoLKh8hCzd4cYxonPf0XRHDN6ti/QXBhO9MhLYyTSrvcSU/ aPlsyYIvPrfNDBAqwTlA5n1HrumJRdpGSxM4HhEJTNtgiSUWb5g= =m6eu -----END PGP SIGNATURE----- --===============3519504331611232423==--