ELA-1161-1 libvirt security update

multiple vulnerabilities

2024-08-25
Package: libvirt
Version: 1.2.9-9+deb8u8 (jessie), 3.0.0-4+deb9u6 (stretch)
Related CVEs: CVE-2021-3631, CVE-2021-3975, CVE-2022-0897, CVE-2024-1441, CVE-2024-2494, CVE-2024-2496


Several issues have been found in libvirt, a library for interfacing with different virtualization systems. Some of the issues are a use-after-free, an off-by-one error, a null pointer dereference and a badly handled mutex, which could be used for a denial of service. The other issues are related to privilege escalation and breaking out of the sVirt confinement.

(Strictly speaking, CVE-2021-3975 only affects stretch.)



For Debian 8 jessie, these problems have been fixed in version 1.2.9-9+deb8u8.

For Debian 9 stretch, these problems have been fixed in version 3.0.0-4+deb9u6.

We recommend that you upgrade your libvirt packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.