Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Ubuntu 21.10: USN-5399-1 Critical: Libvirt Denial of Service

ubuntu
Calendar Grey May 2, 2022
Dist Ubuntu Esm H88
Multiple security flaws within libvirt were resolved in Ubuntu updates, affecting system integrity and leading to possible stability problems.
Several security issues were fixed in libvirt.

Summary

Several security issues were fixed in libvirt.

Software Description:

- libvirt: Libvirt virtualization toolkit

Details:

It was discovered that libvirt incorrectly handled certain locking

operations. A local attacker could possibly use this issue to cause libvirt

to stop accepting connections, resulting in a denial of service. This issue

only affected Ubuntu 20.04 LTS. (CVE-2021-3667)

It was discovered that libvirt incorrectly handled threads during shutdown.

A local attacker could possibly use this issue to cause libvirt to crash,

resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS

and Ubuntu 20.04 LTS. (CVE-2021-3975)

It was discovered that libvirt incorrectly handled the libxl driver. An

attacker inside a guest could possibly use this issue to cause libvirtd

to crash or stop responding, resulting in a denial of service. This issue

only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.

(CVE-2021-4147)

It was discov...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  libvirt-daemon                  7.6.0-0ubuntu1.2
  libvirt-daemon-system           7.6.0-0ubuntu1.2
  libvirt0                        7.6.0-0ubuntu1.2

Ubuntu 20.04 LTS:
  libvirt-daemon                  6.0.0-0ubuntu8.16
  libvirt-daemon-system           6.0.0-0ubuntu8.16
  libvirt0                        6.0.0-0ubuntu8.16

Ubuntu 18.04 LTS:
  libvirt-daemon                  4.0.0-1ubuntu8.21
  libvirt-daemon-system           4.0.0-1ubuntu8.21
  libvirt0                        4.0.0-1ubuntu8.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5399-1

CVE-2020-25637, CVE-2021-3631, CVE-2021-3667, CVE-2021-3975,

CVE-2021-4147, CVE-2022-0897

Severity
critical
Lowest
Low
Medium
High
Critical

May 02, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.