The following security update have been released for Debian GNU/Linux 8 (Jessie) and 9 (Stretch):
ELA-1161-1 libvirt security update
ELA-1161-1 libvirt security update
ELA-1161-1 libvirt security update
Package : libvirt
Version : 1.2.9-9+deb8u8 (jessie), 3.0.0-4+deb9u6 (stretch)
Related CVEs :
CVE-2021-3631
CVE-2021-3975
CVE-2022-0897
CVE-2024-1441
CVE-2024-2494
CVE-2024-2496
Several issue have been found in libvirt, a library for interfacing with different virtualization systems.
The issues are related to use-after-free, an off-by-one, a null pointer dereference and badly handled mutex, which could be used for a denial of service.
The other issues are related to privilege escalaltion and breaking out of the sVirt confinement.
(strictly speaking CVE-2021-3975 only affects Stretch)
