libvirt-10.0.0-6.6.el9_4.ML.1
エラータID: AXSA:2024-8603:05
リリース日:
2024/07/26 Friday - 18:58
題名:
libvirt-10.0.0-6.6.el9_4.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libvirt の virNetClientIOEventLoop() 関数には、関数間
のレースコンディションに起因するスタック領域の
解放後利用の問題があるため、ローカルの攻撃者により、
virtproxyd デーモンの利用を介して、サービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2024-4418)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-4418
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.
追加情報:
N/A
ダウンロード:
SRPMS
- libvirt-10.0.0-6.6.el9_4.ML.1.src.rpm
MD5: 4245ead77f009efe4a75bd8280834ee6
SHA-256: f30feed24d680b8e040cdf40c3ee8bfda631b86986a2cc31260379f66c4da3d0
Size: 9.15 MB
Asianux Server 9 for x86_64
- libvirt-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: b02c9a0645879553de6e4a39a3ad862e
SHA-256: dd92fc9ed41f90dec23efab0f17e98bd9ecafcc40ab49a149f656a8c1216f0cc
Size: 24.68 kB - libvirt-client-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: ef3d3e32985dd1665f400d3d2e241fcb
SHA-256: cd46398eebfecf131a3b031ff530f8ef268fc7f1637e33d68b6fb74f1612379a
Size: 439.97 kB - libvirt-client-qemu-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 49b224a699c24ab62e455678973947f6
SHA-256: babe2c128b96fc1468f39e90ce5a106ec737e131dacf38004dcab310793e96fc
Size: 45.13 kB - libvirt-daemon-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 5152557fe9b2ea1bd6e7acebbfd0072d
SHA-256: 8fb2ffdb1ad46eea067cfffb36594f0f1388d89cd2db19b4fad27af59165ce52
Size: 215.58 kB - libvirt-daemon-common-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: d5de0e8341e3b6beae2dba4461cd8305
SHA-256: 19259485e9adf7693c37c0fe5b2e919b782cb237f3ec0d6da5e668390b980232
Size: 136.89 kB - libvirt-daemon-config-network-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: e9162f04b5a4bcc3964f177af121ace6
SHA-256: bc7e5843ee224c7583459a871bc94ba447ac87beafdf2f287414368d55534f63
Size: 27.05 kB - libvirt-daemon-config-nwfilter-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 51f50c5e7d95fbd454967ca0b6cb7c09
SHA-256: d411adbec4f17989640156c2fdf185a979789840b54e60bddc4244a1a8ac5e6f
Size: 39.29 kB - libvirt-daemon-driver-interface-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 19a1deacd2982625a06ed1a247c22c88
SHA-256: b0e3c08458ce74e4d6d1b92529462de46f96c9f02192e8c94896c1771ff75338
Size: 217.26 kB - libvirt-daemon-driver-network-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 8344912a2313163cd9dfdd747ee6041b
SHA-256: 7a0a68cf345382a01eef726bc24f0a7e837f7bcc2a9abb536d357ab7b21c81f3
Size: 260.90 kB - libvirt-daemon-driver-nodedev-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 245067b629276d5bec11bdd1bc71de70
SHA-256: 846e5f01bde9edfa282083cce2e7976821a7eca7c4e63d78510e0d6b77ae8338
Size: 238.33 kB - libvirt-daemon-driver-nwfilter-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: d27d8f874cd498f0fc092dfc51a755bb
SHA-256: 1f7a3d64aabba6b388d42793e01ab33888ad742fbe88931f449b2e0a875fa500
Size: 253.29 kB - libvirt-daemon-driver-qemu-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 1946bf3ba70801da793d41b56cd267ea
SHA-256: 8ee1555a8bfc9e6525c091e9e6bd064b4616e260badf312023f0ec0c1d8937e1
Size: 974.68 kB - libvirt-daemon-driver-secret-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: b9d9f6f4e5601a79d25099b6fe56e7bf
SHA-256: f3ae488d54d49ada7b1447ccd411ea3587664ce761a288993308c34285ffa2b3
Size: 214.03 kB - libvirt-daemon-driver-storage-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 52a8b390b0d46d5b3ebeac627f4deba8
SHA-256: b5a72c2a95dde0c8c700a4734578d2ea10e2e107c971919af43d0d0d5a631c72
Size: 24.36 kB - libvirt-daemon-driver-storage-core-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 73b3d6f06e386adbbc198530af8ce1a3
SHA-256: 12925d126b47f11734af8faf16ab685fd309490b52d85e771aa93ed1635e936b
Size: 276.78 kB - libvirt-daemon-driver-storage-disk-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 3f0c4df7b5950c45731501cec7bd1609
SHA-256: e16fb78d8b3ad77dfab9a0ed607c89a828b9f786ff0a087ecf811db499e12ea8
Size: 35.62 kB - libvirt-daemon-driver-storage-iscsi-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: b1124e166d9250267d5176f339c5dbef
SHA-256: 1bc3d8f678a8da27654f4dcc1a578c8d24138468c27a0187d52cef8a37457f75
Size: 32.64 kB - libvirt-daemon-driver-storage-logical-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: bee2765089bf3a3c0647abb9892e2c3d
SHA-256: 1acf1988b77beb132f0e93e6eab4b0c1b88f52c74e2f0507ce1f8db2e8d59012
Size: 36.73 kB - libvirt-daemon-driver-storage-mpath-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: bf4b70ed71c445ca9c29597a3c1a0820
SHA-256: 10cd82be8533b91f75d4431ff4dce80470177223375cc2af7a691167c46af0a0
Size: 30.15 kB - libvirt-daemon-driver-storage-rbd-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: f28a81f9d823814901312887679f078f
SHA-256: bb26ecf32dcf70dbfbfa907a85e20bcec0fa27bd7d2d4ae816b033bb00ae2a5c
Size: 40.90 kB - libvirt-daemon-driver-storage-scsi-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: ab58579c325e6ecdc340528dec66c96f
SHA-256: a910cb320c89b80ffe41592d5c3022ad12ed5b9961342702c1f0675ed6ca85a4
Size: 32.39 kB - libvirt-daemon-kvm-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 813c35c3b06ae1686a404f03c7d3f971
SHA-256: f42fa07a884d5fa2b9c20e775a683ac64384e7a78091800c41aa6d719a08699e
Size: 24.59 kB - libvirt-daemon-lock-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 79588094ea2ba43d099cb42c4cc24b76
SHA-256: be969e8f7573a17f072b297ff96957b0be3dc10938decb6fd3101cbc5d526e62
Size: 62.14 kB - libvirt-daemon-log-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: ab13da077bf8d6b2bedf2410bcda2458
SHA-256: 8fb13de7f85c9a6beaa4ddb13d3800fde81a1f5e066d7223d3024d8767c187ac
Size: 66.31 kB - libvirt-daemon-plugin-lockd-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 4991e354df26980801c32dd3942d1ed0
SHA-256: 0162056265b569c6eed0b6d40f8581113344fe7c0b52385940249991db2130db
Size: 35.91 kB - libvirt-daemon-plugin-sanlock-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 158414e687846973e3c1cd075f8a0cf4
SHA-256: 740fda87eba64ea86641a59d5d4d58b2f4482133ad7f542e6f10d080b458e2e2
Size: 47.13 kB - libvirt-daemon-proxy-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 0d34e7eb72a5fc127efe9424ccfd79e4
SHA-256: 14ed75d2ac754ba90c3516d2dce6507756fe7e48bc38751f9b3399304d2966fe
Size: 209.00 kB - libvirt-devel-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 3d116db31aee3b2943fe75c487ebcf44
SHA-256: 57856b7eaa1006f3d389609c81fdfb9e6ac9d5e7ac63be1abaf7aa5df5fec87c
Size: 207.48 kB - libvirt-docs-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: 3c76359165557adcb559819d5db5d5aa
SHA-256: 28d7dabd0885b596c4c783945c2f05eeb4a54f568c1f9d7cfa35e44d144164b3
Size: 1.89 MB - libvirt-libs-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: b85da162d95d7a40560445037688f427
SHA-256: 4d5b520fb4e6b5488abfd6a0a3853d9fc0c584aa25584f903cee53216a24c5da
Size: 4.94 MB - libvirt-nss-10.0.0-6.6.el9_4.ML.1.x86_64.rpm
MD5: c7d4b34683270e8f8bd2232f88d020b4
SHA-256: 549835e0a8594334b851a413950dc40394710fb17fc2ca94ad8dd4b9f9dc6adc
Size: 35.65 kB
English