[SECURITY] Fedora 39 Update: libvirt-9.7.0-3.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d96cdeb8ec
2024-03-20 02:03:35.721027
--------------------------------------------------------------------------------
Name : libvirt
Product : Fedora 39
Version : 9.7.0
Release : 3.fc39
URL : https://libvirt.org/
Summary : Library providing a simple virtualization API
Description :
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The main package includes
the libvirtd server exporting the virtualization support.
--------------------------------------------------------------------------------
Update Information:
Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2024 Daniel P. Berrang�� <berrange(a)redhat.com> - 9.7.0-3
- Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
- Fix crash listing interfaces with missized array (CVE-2024-1441)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263841 - CVE-2024-1441 libvirt: off-by-one error in
udevListInterfacesByStatus()
https://bugzilla.redhat.com/show_bug.cgi?id=2263841
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d96cdeb8ec' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------