========================================================================== Ubuntu Security Notice USN-6734-1 April 15, 2024 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in libvirt. Software Description: - libvirt: Libvirt virtualization toolkit Details: Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2024-1441) It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2024-2494) It was discovered that libvirt incorrectly handled detaching certain host interfaces. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2024-2496) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libvirt-daemon 9.6.0-1ubuntu1.1 libvirt-daemon-system 9.6.0-1ubuntu1.1 libvirt0 9.6.0-1ubuntu1.1 Ubuntu 22.04 LTS: libvirt-daemon 8.0.0-1ubuntu7.10 libvirt-daemon-system 8.0.0-1ubuntu7.10 libvirt0 8.0.0-1ubuntu7.10 Ubuntu 20.04 LTS: libvirt-daemon 6.0.0-0ubuntu8.19 libvirt-daemon-system 6.0.0-0ubuntu8.19 libvirt0 6.0.0-0ubuntu8.19 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6734-1 CVE-2024-1441, CVE-2024-2494, CVE-2024-2496 Package Information: https://launchpad.net/ubuntu/+source/libvirt/9.6.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/libvirt/8.0.0-1ubuntu7.10 https://launchpad.net/ubuntu/+source/libvirt/6.0.0-0ubuntu8.19