Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu: 6126-1 Moderate: Libvirt Issues Leading to DoS Risk

ubuntu
Calendar Grey May 31, 2023
Dist Ubuntu Esm H88
Recent security weaknesses in Libvirt impact several versions of Ubuntu. Comprehensive update guidelines along with advisory specifics provided.
Several security issues were fixed in libvirt.

Summary

Several security issues were fixed in libvirt.

Software Description:

- libvirt: Libvirt virtualization toolkit

Details:

It was discovered that libvirt incorrectly handled the nwfilter driver. A

local attacker could possibly use this issue to cause libvirt to crash,

resulting in a denial of service. This issue only affected Ubuntu 22.04

LTS. (CVE-2022-0897)

It was discovered that libvirt incorrectly handled queries for the SR-IOV

PCI device capabilities. A local attacker could possibly use this issue to

cause libvirt to consume resources, leading to a denial of service.

(CVE-2023-2700)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   libvirt-daemon                  9.0.0-2ubuntu1.1
   libvirt-daemon-system           9.0.0-2ubuntu1.1
   libvirt0                        9.0.0-2ubuntu1.1

Ubuntu 22.10:
   libvirt-daemon                  8.6.0-0ubuntu3.2
   libvirt-daemon-system           8.6.0-0ubuntu3.2
   libvirt0                        8.6.0-0ubuntu3.2

Ubuntu 22.04 LTS:
   libvirt-daemon                  8.0.0-1ubuntu7.5
   libvirt-daemon-system           8.0.0-1ubuntu7.5
   libvirt0                        8.0.0-1ubuntu7.5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6126-1

CVE-2022-0897, CVE-2023-2700

Severity
important
Lowest
Low
Medium
High
Critical

May 31, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.