Package "libvirt"
Name: |
libvirt
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- programs for the libvirt library
- development files for the libvirt library
- documentation for the libvirt library
- library for interfacing with different virtualization systems
|
Latest version: |
1.2.2-0ubuntu13.1.28 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "libvirt" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
libvirt (1.2.2-0ubuntu13.1.28) trusty-security; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Steve Beattie <email address hidden> Thu, 16 May 2019 12:56:28 -0700
|
Source diff to previous version |
|
libvirt (1.2.2-0ubuntu13.1.27) trusty-security; urgency=medium
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 14:23:45 -0400
|
Source diff to previous version |
CVE-2018-1064 |
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor |
CVE-2018-3639 |
Speculative Store Bypass |
|
libvirt (1.2.2-0ubuntu13.1.26) trusty-security; urgency=medium
* SECURITY UPDATE: resource exhaustion resulting in DoS
- debian/patches/CVE-2018-5748.patch: avoid DoS reading from
QEMU monitor in src/qemu/qemu_monitor.c.
- CVE-2018-5748
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2016-5008.patch: let empty default VNC
password work as documented in src/qemu/qemu_hotplug.c.
- CVE-2016-5008
-- <email address hidden> (Leonidas S. Barbosa) Fri, 16 Feb 2018 07:51:15 -0500
|
Source diff to previous version |
CVE-2018-5748 |
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. |
CVE-2016-5008 |
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers |
|
libvirt (1.2.2-0ubuntu13.1.25) trusty-security; urgency=medium
* SECURITY UPDATE: Add support for Spectre mitigations
- debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for
indirect branch prediction protection and add new *-IBRS CPU models.
- debian/control: add Breaks to get updated qemu with new CPU models.
- CVE-2017-5715
-- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:00:47 -0500
|
Source diff to previous version |
CVE-2017-5715 |
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at |
|
libvirt (1.2.2-0ubuntu13.1.16) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via incorrect ACL check handling
- debian/patches/CVE-2014-8136.patch: properly unlock vm on failed ACL
check in src/qemu/qemu_driver.c.
- CVE-2014-8136
* SECURITY UPDATE: VNC password leak via snapshots and save images
- debian/patches/CVE-2015-0236.patch: check ACLs when dumping security
info in src/qemu/qemu_driver.c, src/remote/remote_protocol.x.
- CVE-2015-0236
* SECURITY UPDATE: ACL bypass using storage pool directory traversal
- debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
src/storage/storage_backend_fs.c.
- CVE-2015-5313
* This package does _not_ contain the changes from 1.2.2-0ubuntu13.1.15
in trusty-proposed.
-- Marc Deslauriers Fri, 08 Jan 2016 10:03:14 -0500
|
CVE-2014-8136 |
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL che |
CVE-2015-0236 |
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot |
CVE-2015-5313 |
ACL bypass using ../ to access beyond storage pool |
|
About
-
Send Feedback to @ubuntu_updates