Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Red Hat Enterprise Linux 9 RHSA-2022-8003 Low: libvirt DoS Risk

red hat
Calendar Grey November 15, 2022
Dist Redhat Esm H88
Red Hat introduces a critical security and maintenance patch for libvirt within RHEL 9. Make sure your systems remain protected.
An update for libvirt is now available for Red Hat Enterprise Linux 9

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

Summary

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.
The following packages have been upgraded to a later upstream version: libvirt (8.5.0). (BZ#2060313)
Security Fix(es):
* libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service (CVE-2022-0897)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2022-0897 https://access.redhat.com/security/updates/classification#low https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 9):
Source: libvirt-8.5.0-7.el9_1.src.rpm
aarch64: libvirt-8.5.0-7.el9_1.aarch64.rpm libvirt-client-8.5.0-7.el9_1.aarch64.rpm libvirt-client-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-config-network-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-config-nwfilter-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-interface-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-interface-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-network-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-network-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-nodedev-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-nodedev-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-nwfilter-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-nwfilter-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-qemu-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-qemu-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-secret-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-secret-debuginfo-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-storage-8.5.0-7.el9_1.aarch64.rpm libvirt-daemon-driver-storage-core-8.5.0-7.el9_1.aarch64.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:8003-01
Product: Red Hat Enterprise Linux
Issue date: 2022-11-15

Topic

An update for libvirt is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1475431 - migration/postcopy: Handle network failures (libvirt)

1653327 - libvirt: Implement virtio-iommu support for aarch64

1745868 - Remove the support for 'virtio-input-host-pci-{non-}transitional model

1866400 - RFE: provide API which allows to take memory snapshot in sync with storage when storage is outsourced (e.g. using vhost-user-blk)

1901394 - --tls-destination doesn't take effect for disk migration

1910856 - Disk pool changed to be inactive after restarting libvirtd

1999372 - Error unclear when starting guest with wrong virtiofsd path

2026765 - Can't define a TFTP server without a DHCP server in network configuration

2035163 - Starting guest with spice audio backend should fail when SPICE graphics is disabled in QEMU

2036300 - video heads can be configured for 'bochs_display' even max_outputs is not supported

2037146 - Better to report error when setting acpi index='0' in device

2038045 - Documentation about using virt-admin to manage other daemons should be added

2040548 - 'unassigned' address type changed after hotplug

2040555 - Pinning iothread to not allowed cpuset fails but vm xml got updated unexpectedly

2041665 - guestinfo returns wrong value when domain's filesystems are frozen

2045953 - 'virsh nodedev-list --cap storage' doesn't list host nvme storage

2045959 - Not update Documentation for systemd config file

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.