UbuntuUpdates.org

Package "libvirt"

Name: libvirt

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Programs for the libvirt library
  • Virtualization daemon
  • Virtualization daemon RBD storage driver
  • Libvirt daemon configuration files

Latest version: 4.6.0-2ubuntu3.8
Release: cosmic (18.10)
Level: updates
Repository: main

Other versions of "libvirt" in Cosmic

Repository  Area      Version
base        main      4.6.0-2ubuntu3
base        universe  4.6.0-2ubuntu3
security    universe  4.6.0-2ubuntu3.8
security    main      4.6.0-2ubuntu3.8
updates     universe  4.6.0-2ubuntu3.8

Changelog

Version: 4.6.0-2ubuntu3.8 2019-07-08 13:08:07 UTC

  libvirt (4.6.0-2ubuntu3.8) cosmic-security; urgency=medium

  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167
  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
    connection
    - debian/patches/CVE-2019-10168.patch: add checks to
      src/libvirt-host.c.
    - CVE-2019-10168

 -- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 08:52:01 -0400

CVE-2019-10161 arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
CVE-2019-10166 virDomainManagedSaveDefineXML API exposed to readonly clients
CVE-2019-10167 arbitrary command execution via virConnectGetDomainCapabilities API
CVE-2019-10168 arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs

Version: 4.6.0-2ubuntu3.7 2019-06-19 19:06:27 UTC

  libvirt (4.6.0-2ubuntu3.7) cosmic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
    - debian/patches/CVE-2019-10132-1.patch: reject clients unless their
      UID matches the current UID in src/admin/admin_server_dispatch.c.
    - debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
      in src/locking/virtlockd-admin.socket.in,
      src/locking/virtlockd.socket.in.
    - debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
      in src/logging/virtlogd-admin.socket.in,
      src/logging/virtlogd.socket.in.
    - CVE-2019-10132

 -- Marc Deslauriers <email address hidden> Mon, 17 Jun 2019 07:22:49 -0400

CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configurati

Version: 4.6.0-2ubuntu3.6 2019-06-17 10:06:24 UTC

  libvirt (4.6.0-2ubuntu3.6) cosmic; urgency=medium

  * d/p/ubuntu/lp-1830268-refresh-capabilities-on-KVM-nesting.patch: fix
    consideration of VMX flag (LP: #1830268)

 -- Christian Ehrhardt <email address hidden> Tue, 28 May 2019 07:59:48 +0200

1830268 Use changed nested VMX attribute as trigger to refresh libvirt capability cache

Version: 4.6.0-2ubuntu3.5 2019-05-15 20:06:37 UTC

  libvirt (4.6.0-2ubuntu3.5) cosmic-security; urgency=medium

  * SECURITY UPDATE: Add support for md-clear functionality
    - debian/patches/md-clear.patch: Define md-clear CPUID bit in
      src/cpu/cpu_map.xml.
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 15:10:06 -0400

CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory

Version: 4.6.0-2ubuntu3.4 2019-03-14 20:07:02 UTC

  libvirt (4.6.0-2ubuntu3.4) cosmic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
    - debian/patches/CVE-2019-3840.patch: require a reply in
      src/qemu/qemu_agent.c.
    - CVE-2019-3840

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:07:59 -0400

CVE-2019-3840 NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function


