UbuntuUpdates.org

Package "libvirt-doc"

Name: libvirt-doc

Description:

documentation for the libvirt library

Latest version: 4.6.0-2ubuntu3.8
Release: cosmic (18.10)
Level: security
Repository: main
Head package: libvirt
Homepage: http://libvirt.org

Links

Save this URL for the latest version of "libvirt-doc": https://www.ubuntuupdates.org/libvirt-doc




Other versions of "libvirt-doc" in Cosmic

Repository  Area  Version
base        main  4.6.0-2ubuntu3
updates     main  4.6.0-2ubuntu3.8

Changelog

Version: 4.6.0-2ubuntu3.8 2019-07-08 13:08:05 UTC

  libvirt (4.6.0-2ubuntu3.8) cosmic-security; urgency=medium

  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167
  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
    connection
    - debian/patches/CVE-2019-10168.patch: add checks to
      src/libvirt-host.c.
    - CVE-2019-10168

 -- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 08:52:01 -0400

CVE-2019-10161 arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
CVE-2019-10166 virDomainManagedSaveDefineXML API exposed to readonly clients
CVE-2019-10167 arbitrary command execution via virConnectGetDomainCapabilities API
CVE-2019-10168 arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs

Version: 4.6.0-2ubuntu3.7 2019-06-19 19:06:26 UTC

  libvirt (4.6.0-2ubuntu3.7) cosmic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
    - debian/patches/CVE-2019-10132-1.patch: reject clients unless their
      UID matches the current UID in src/admin/admin_server_dispatch.c.
    - debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
      in src/locking/virtlockd-admin.socket.in,
      src/locking/virtlockd.socket.in.
    - debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
      in src/logging/virtlogd-admin.socket.in,
      src/logging/virtlogd.socket.in.
    - CVE-2019-10132

 -- Marc Deslauriers <email address hidden> Mon, 17 Jun 2019 07:22:49 -0400

CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configurati

Version: 4.6.0-2ubuntu3.5 2019-05-15 19:07:16 UTC

  libvirt (4.6.0-2ubuntu3.5) cosmic-security; urgency=medium

  * SECURITY UPDATE: Add support for md-clear functionality
    - debian/patches/md-clear.patch: Define md-clear CPUID bit in
      src/cpu/cpu_map.xml.
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 15:10:06 -0400

CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory

Version: 4.6.0-2ubuntu3.4 2019-03-14 19:06:57 UTC

  libvirt (4.6.0-2ubuntu3.4) cosmic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
    - debian/patches/CVE-2019-3840.patch: require a reply in
      src/qemu/qemu_agent.c.
    - CVE-2019-3840

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:07:59 -0400

CVE-2019-3840 NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function


