UbuntuUpdates.org

Package "libvirt-daemon-driver-storage-rbd"

Name: libvirt-daemon-driver-storage-rbd

Description:

Virtualization daemon RBD storage driver

Latest version: 4.0.0-1ubuntu8.12
Release: bionic (18.04)
Level: updates
Repository: main
Head package: libvirt
Homepage: http://libvirt.org

Links

Save this URL for the latest version of "libvirt-daemon-driver-storage-rbd": https://www.ubuntuupdates.org/libvirt-daemon-driver-storage-rbd


Download "libvirt-daemon-driver-storage-rbd"


Other versions of "libvirt-daemon-driver-storage-rbd" in Bionic

Repository Area Version
security main 4.0.0-1ubuntu8.12

Changelog

Version: 4.0.0-1ubuntu8.12 2019-07-08 13:08:00 UTC

  libvirt (4.0.0-1ubuntu8.12) bionic-security; urgency=medium

  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167

 -- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 09:19:33 -0400

Source diff to previous version
CVE-2019-10161 arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
CVE-2019-10166 virDomainManagedSaveDefineXML API exposed to readonly clients
CVE-2019-10167 arbitrary command execution via virConnectGetDomainCapabilities API

Version: 4.0.0-1ubuntu8.11 2019-06-25 01:07:38 UTC

  libvirt (4.0.0-1ubuntu8.11) bionic; urgency=medium

  * d/p/ubuntu/lp-1830268-refresh-capabilities-on-KVM-nesting.patch: fix
    consideration of VMX flag (LP: #1830268)

 -- Christian Ehrhardt <email address hidden> Mon, 27 May 2019 11:52:07 +0200

Source diff to previous version
1830268 Use changed nested VMX attribute as trigger to refresh libvirt capability cache

Version: 4.0.0-1ubuntu8.10 2019-05-15 20:06:33 UTC

  libvirt (4.0.0-1ubuntu8.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Add support for md-clear functionality
    - debian/patches/md-clear.patch: Define md-clear CPUID bit in
      src/cpu/cpu_map.xml.
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 15:11:45 -0400

Source diff to previous version
CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory

Version: 4.0.0-1ubuntu8.9 2019-05-07 21:06:32 UTC

  libvirt (4.0.0-1ubuntu8.9) bionic; urgency=medium

  * d/p/ubuntu/lp-1823676-Use-the-correct-vm-def-on-cold-attach.patch:
    fix issues attaching scsi adapters without explicit index (LP: #1823676)

 -- Christian Ehrhardt <email address hidden> Wed, 10 Apr 2019 15:14:09 +0200

Source diff to previous version
1823676 Failed to attach scsi contr. with opt. \

Version: 4.0.0-1ubuntu8.8 2019-03-14 20:07:00 UTC

  libvirt (4.0.0-1ubuntu8.8) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
    - debian/patches/CVE-2019-3840.patch: require a reply in
      src/qemu/qemu_agent.c.
    - CVE-2019-3840

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:09:33 -0400

CVE-2019-3840 NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function



About   -   Send Feedback to @ubuntu_updates