| Summary: | <app-emulation/libvirt-10.2.0: check for negative array lengths before allocation | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michal Prívozník <michal.privoznik> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2 | | |
| Whiteboard: | B3 [glsa?] | | |
| Package list: | | Runtime testing required: | --- |
Description
Michal Prívozník
2024-04-13 20:02:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c32491d0bcded18663dd976934ad5c10b29d4c2

commit 3c32491d0bcded18663dd976934ad5c10b29d4c2
Author:     Michal Privoznik <michal.privoznik@gmail.com>
AuthorDate: 2024-04-13 18:53:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-14 00:41:53 +0000

    app-emulation/libvirt: Backport fix for CVE-2024-2494

    The fix made it into app-emulation/libvirt-10.2.0 release. Backport the
    fix into anything older.

    https://nvd.nist.gov/vuln/detail/CVE-2024-2494
    Bug: https://bugs.gentoo.org/929966
    Signed-off-by: Michal Privoznik <michal.privoznik@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/36242
    Signed-off-by: Sam James <sam@gentoo.org>

 ...k-for-negative-array-lengths-before-alloc.patch | 222 +++++++++++++++++++++
 ...t-10.0.0-r1.ebuild => libvirt-10.0.0-r2.ebuild} |   1 +
 ...virt-10.1.0.ebuild => libvirt-10.1.0-r1.ebuild} |   1 +
 ...irt-9.8.0-r1.ebuild => libvirt-9.8.0-r2.ebuild} |   1 +
 ...irt-9.9.0-r1.ebuild => libvirt-9.9.0-r2.ebuild} |   1 +
 5 files changed, 226 insertions(+)