RHEL 9 : libvirt (RHSA-2023:6409)

medium Nessus Plugin ID 185152

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6409 advisory.

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a later upstream version: libvirt (9.5.0). (BZ#2175785)

Security Fix(es):

* libvirt: improper locking in virStoragePoolObjListSearch may lead to denial of service (CVE-2023-3750)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?619e5320

http://www.nessus.org/u?ba7c51e0

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1961326

https://bugzilla.redhat.com/show_bug.cgi?id=2000410

https://bugzilla.redhat.com/show_bug.cgi?id=2004850

https://bugzilla.redhat.com/show_bug.cgi?id=2014030

https://bugzilla.redhat.com/show_bug.cgi?id=2032406

https://bugzilla.redhat.com/show_bug.cgi?id=2035985

https://bugzilla.redhat.com/show_bug.cgi?id=2037734

https://bugzilla.redhat.com/show_bug.cgi?id=2078693

https://bugzilla.redhat.com/show_bug.cgi?id=2119007

https://bugzilla.redhat.com/show_bug.cgi?id=2137346

https://bugzilla.redhat.com/show_bug.cgi?id=2138150

https://bugzilla.redhat.com/show_bug.cgi?id=2143158

https://bugzilla.redhat.com/show_bug.cgi?id=2151064

https://bugzilla.redhat.com/show_bug.cgi?id=2154750

https://bugzilla.redhat.com/show_bug.cgi?id=2156300

https://bugzilla.redhat.com/show_bug.cgi?id=2160356

https://bugzilla.redhat.com/show_bug.cgi?id=2160435

https://bugzilla.redhat.com/show_bug.cgi?id=2161965

https://bugzilla.redhat.com/show_bug.cgi?id=2166235

https://bugzilla.redhat.com/show_bug.cgi?id=2171384

https://bugzilla.redhat.com/show_bug.cgi?id=2171860

https://bugzilla.redhat.com/show_bug.cgi?id=2171973

https://bugzilla.redhat.com/show_bug.cgi?id=2173142

https://bugzilla.redhat.com/show_bug.cgi?id=2174397

https://bugzilla.redhat.com/show_bug.cgi?id=2174700

https://bugzilla.redhat.com/show_bug.cgi?id=2175449

https://bugzilla.redhat.com/show_bug.cgi?id=2175582

https://bugzilla.redhat.com/show_bug.cgi?id=2175785

https://bugzilla.redhat.com/show_bug.cgi?id=2176215

https://bugzilla.redhat.com/show_bug.cgi?id=2176917

https://bugzilla.redhat.com/show_bug.cgi?id=2176921

https://bugzilla.redhat.com/show_bug.cgi?id=2176923

https://bugzilla.redhat.com/show_bug.cgi?id=2176924

https://bugzilla.redhat.com/show_bug.cgi?id=2178866

https://bugzilla.redhat.com/show_bug.cgi?id=2178885

https://bugzilla.redhat.com/show_bug.cgi?id=2179030

https://bugzilla.redhat.com/show_bug.cgi?id=2180679

https://bugzilla.redhat.com/show_bug.cgi?id=2181234

https://bugzilla.redhat.com/show_bug.cgi?id=2181235

https://bugzilla.redhat.com/show_bug.cgi?id=2182961

https://bugzilla.redhat.com/show_bug.cgi?id=2184966

https://bugzilla.redhat.com/show_bug.cgi?id=2185184

https://bugzilla.redhat.com/show_bug.cgi?id=2187133

https://bugzilla.redhat.com/show_bug.cgi?id=2187278

https://bugzilla.redhat.com/show_bug.cgi?id=2193315

https://bugzilla.redhat.com/show_bug.cgi?id=2196178

https://bugzilla.redhat.com/show_bug.cgi?id=2203709

https://bugzilla.redhat.com/show_bug.cgi?id=2208946

https://bugzilla.redhat.com/show_bug.cgi?id=2209191

https://bugzilla.redhat.com/show_bug.cgi?id=2209853

https://bugzilla.redhat.com/show_bug.cgi?id=2210058

https://bugzilla.redhat.com/show_bug.cgi?id=2210287

https://bugzilla.redhat.com/show_bug.cgi?id=2216212

https://bugzilla.redhat.com/show_bug.cgi?id=2222210

https://bugzilla.redhat.com/show_bug.cgi?id=2224016

https://bugzilla.redhat.com/show_bug.cgi?id=2236057

https://bugzilla.redhat.com/show_bug.cgi?id=2236500

https://access.redhat.com/errata/RHSA-2023:6409

Plugin Details

Severity: Medium

ID: 185152

File Name: redhat-RHSA-2023-6409.nasl

Version: 1.3

Type: local

Agent: unix

Published: 11/7/2023

Updated: 11/7/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2023-3750

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-proxy, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon, p-cpe:/a:redhat:enterprise_linux:libvirt-client, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lock, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-plugin-sanlock, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-log, p-cpe:/a:redhat:enterprise_linux:libvirt-nss, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev, p-cpe:/a:redhat:enterprise_linux:libvirt, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-common, p-cpe:/a:redhat:enterprise_linux:libvirt-client-qemu, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:redhat:enterprise_linux:libvirt-libs, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:redhat:enterprise_linux:libvirt-devel, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-plugin-lockd, p-cpe:/a:redhat:enterprise_linux:libvirt-docs, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/7/2023

Vulnerability Publication Date: 7/24/2023

Reference Information

CVE: CVE-2023-3750

CWE: 667

RHSA: 2023:6409