Your message dated Wed, 20 Mar 2024 23:09:10 +0000
with message-id <[email protected]>
and subject line Bug#1066058: fixed in libvirt 10.1.0-1
has caused the Debian Bug report #1066058,
regarding libvirt: CVE-2024-1441
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1066058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066058
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvirt
Version: 10.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 9.0.0-4
Control: found -1 7.0.0-3+deb11u2
Control: found -1 7.0.0-3
Hi,

The following vulnerability was published for libvirt.

CVE-2024-1441[0]:
| An off-by-one error flaw was found in the
| udevListInterfacesByStatus() function in libvirt when the number of
| interfaces exceeds the size of the `names` array. This issue can be
| reproduced by sending specially crafted data to the libvirt daemon,
| allowing an unprivileged client to perform a denial of service
| attack by causing the libvirt daemon to crash.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-1441
    https://www.cve.org/CVERecord?id=CVE-2024-1441
[1] https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
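Added illustration (not part of the original messages and not libvirt source code): the class of bug the CVE description names, an off-by-one in the "is the caller's array full?" check, shown beside the corrected comparison. The function names, the sample interface list and the guard-slot harness are hypothetical; the exact form of the check in libvirt is an assumption here.

```c
/* Added illustration of the bug class described in CVE-2024-1441.
 * NOT libvirt code: all names and sample data below are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Buggy variant: stores up to names_len + 1 entries into names[]. */
static int list_names_buggy(const char **src, size_t nsrc,
                            const char **names, int names_len)
{
    int count = 0;
    for (size_t i = 0; i < nsrc; i++) {
        if (count > names_len)     /* off-by-one: count == names_len passes */
            break;
        names[count++] = src[i];   /* can write names[names_len] */
    }
    return count;
}

/* Fixed variant: stops as soon as the array is full. */
static int list_names_fixed(const char **src, size_t nsrc,
                            const char **names, int names_len)
{
    int count = 0;
    for (size_t i = 0; i < nsrc; i++) {
        if (count >= names_len)    /* full: no slot left to write */
            break;
        names[count++] = src[i];
    }
    return count;
}

/* Calls one variant with a capacity of 3 on an array that really has 4 slots,
 * so the stray write lands in a guard slot instead of corrupting memory.
 * Returns 1 if the guard slot (index 3) was overwritten. */
static int guard_overwritten(int (*fn)(const char **, size_t, const char **, int))
{
    static const char *ifaces[] = { "lo", "eth0", "eth1", "br0", "tap0" }; /* constructed */
    const char *names[3 + 1] = { NULL, NULL, NULL, NULL };
    fn(ifaces, sizeof(ifaces) / sizeof(ifaces[0]), names, 3);
    return names[3] != NULL;
}

int main(void)
{
    printf("buggy overwrote guard: %d\n", guard_overwritten(list_names_buggy));
    printf("fixed overwrote guard: %d\n", guard_overwritten(list_names_fixed));
    return 0;
}
```

The failure only appears when the source holds more entries than the caller's array, which matches the condition in the CVE text ("when the number of interfaces exceeds the size of the `names` array").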
--- Begin Message ---
Source: libvirt
Source-Version: 10.1.0-1
Done: Andrea Bolognani <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea Bolognani <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 20 Mar 2024 00:18:12 +0100
Source: libvirt
Architecture: source
Version: 10.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers <[email protected]>
Changed-By: Andrea Bolognani <[email protected]>
Closes: 1066058
Changes:
libvirt (10.1.0-1) unstable; urgency=medium
.
* [517918e] New upstream version 10.1.0
- Fixes CVE-2024-1441 (Closes: #1066058)
* [84128fe] patches: Drop backports
--- End Message ---