UbuntuUpdates.org

Package "libvirt0"

Name: libvirt0

Description:

library for interfacing with different virtualization systems

Latest version: 5.0.0-1ubuntu2.4
Release: disco (19.04)
Level: security
Repository: main
Head package: libvirt
Homepage: http://libvirt.org


Other versions of "libvirt0" in Disco

Repository Area Version
base main 5.0.0-1ubuntu2
updates main 5.0.0-1ubuntu2.4

Changelog

Version: 5.0.0-1ubuntu2.4 2019-07-08 13:08:13 UTC

  libvirt (5.0.0-1ubuntu2.4) disco-security; urgency=medium

  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167
  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
    connection
    - debian/patches/CVE-2019-10168.patch: add checks to
      src/libvirt-host.c.
    - CVE-2019-10168

 -- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 08:49:48 -0400

CVE-2019-10161 arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
CVE-2019-10166 virDomainManagedSaveDefineXML API exposed to readonly clients
CVE-2019-10167 arbitrary command execution via virConnectGetDomainCapabilities API
CVE-2019-10168 arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs

Version: 5.0.0-1ubuntu2.3 2019-06-19 18:06:37 UTC

  libvirt (5.0.0-1ubuntu2.3) disco-security; urgency=medium

  * SECURITY UPDATE: DoS via incorrect permissions check
    - debian/patches/CVE-2019-3886-1.patch: disallow virDomainGetHostname
      for read-only connections in src/libvirt-domain.c.
    - debian/patches/CVE-2019-3886-2.patch: enforce ACL write permission
      for getting guest time & hostname in src/remote/remote_protocol.x.
    - CVE-2019-3886
  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
    - debian/patches/CVE-2019-10132-1.patch: reject clients unless their
      UID matches the current UID in src/admin/admin_server_dispatch.c.
    - debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
      in src/locking/virtlockd-admin.socket.in,
      src/locking/virtlockd.socket.in.
    - debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
      in src/logging/virtlogd-admin.socket.in,
      src/logging/virtlogd.socket.in.
    - CVE-2019-10132

 -- Marc Deslauriers <email address hidden> Mon, 17 Jun 2019 07:18:24 -0400

CVE-2019-3886 An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest a
CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configurati

Version: 5.0.0-1ubuntu2.1 2019-05-15 19:07:18 UTC

  libvirt (5.0.0-1ubuntu2.1) disco-security; urgency=medium

  * SECURITY UPDATE: Add support for md-clear functionality
    - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
      src/cpu_map/x86_features.xml.
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 14:48:05 -0400

CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory


