Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0114
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0114)
Zusammenfassung:	The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2024-0114 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the MGASA-2024-0114 advisory. Vulnerability Insight: A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-2494) Affected Software/OS: 'libvirt' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-2494 RHBZ#2270115 https://bugzilla.redhat.com/show_bug.cgi?id=2270115 RHSA-2024:2560 https://access.redhat.com/errata/RHSA-2024:2560 RHSA-2024:3253 https://access.redhat.com/errata/RHSA-2024:3253 https://access.redhat.com/security/cve/CVE-2024-2494 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.