UbuntuUpdates.org

Package "libnss-libvirt"

Name: libnss-libvirt

Description:

nss plugins providing IP address resolution for virtual machines

Latest version: 8.0.0-1ubuntu7.15
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: libvirt
Homepage: https://libvirt.org/

Other versions of "libnss-libvirt" in Jammy

Repository  Area      Version
base        universe  8.0.0-1ubuntu7
security    universe  8.0.0-1ubuntu7.15

Changelog

Version: 8.0.0-1ubuntu7.15 2026-01-08 21:11:29 UTC

  libvirt (8.0.0-1ubuntu7.15) jammy-security; urgency=medium

  * SECURITY UPDATE: memory consumption DoS via XML parsing
    - debian/patches/CVE-2025-12748-pre1.patch: move unlinking corrupt save
      image file to caller in src/qemu/qemu_driver.c,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-pre2.patch: decompose qemuSaveImageOpen
      in src/qemu/qemu_driver.c, src/qemu/qemu_saveimage.c,
      src/qemu/qemu_saveimage.h, src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-pre3.patch: check for valid save image
      format when verifying image header in src/qemu/qemu_saveimage.c.
    - debian/patches/CVE-2025-12748-1.patch: add virDomainDefIDsParseString
      in src/conf/domain_conf.c, src/conf/domain_conf.h,
      src/libvirt_private.syms.
    - debian/patches/CVE-2025-12748-2.patch: check ACLs before parsing the
      whole domain XML in src/bhyve/bhyve_driver.c.
    - debian/patches/CVE-2025-12748-3.patch: check ACLs before parsing the
      whole domain XML in src/libxl/libxl_driver.c.
    - debian/patches/CVE-2025-12748-4.patch: check ACLs before parsing the
      whole domain XML in src/lxc/lxc_driver.c.
    - debian/patches/CVE-2025-12748-5.patch: check ACLs before parsing the
      whole domain XML in src/vz/vz_driver.c.
    - debian/patches/CVE-2025-12748-6.patch: check ACLs before parsing the
      whole domain XML in src/ch/ch_driver.c.
    - debian/patches/CVE-2025-12748-7.patch: check ACLs before parsing the
      whole domain XML in src/qemu/qemu_driver.c,
      src/qemu/qemu_migration.c, src/qemu/qemu_migration.h,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-8.patch: fix typo in bhyve driver in
      src/bhyve/bhyve_driver.c.
    - CVE-2025-12748
  * SECURITY UPDATE: incorrect world-readable permissions on snapshots
    - debian/patches/CVE-2025-13193.patch: set umask for qemu-img when
      creating external inactive snapshots in src/qemu/qemu_snapshot.c.
    - CVE-2025-13193

 -- Marc Deslauriers <email address hidden> Mon, 08 Dec 2025 13:08:06 -0500

CVE-2025-12748 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL c
CVE-2025-13193 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivil

Version: 8.0.0-1ubuntu7.14 2025-10-23 00:07:31 UTC

  libvirt (8.0.0-1ubuntu7.14) jammy; urgency=medium

  * d/p/u-aa/lp2120278-* : virt-aa-helper: Avoid duplicate when append rule
    (LP: #2120278)

 -- Hector Cao <email address hidden> Tue, 14 Oct 2025 22:38:25 +0000

2120278 Apparmor /dev/net/tun overflow

Version: 8.0.0-1ubuntu7.13 2025-10-08 11:06:58 UTC

  libvirt (8.0.0-1ubuntu7.13) jammy; urgency=medium

  * d/p/u/lp-2117467-virdevmapper-device-name-for-targets.patch:
    virdevmapper: Always use device name for finding targets. This ensures
    that all the target devices of a multipath device are added to the
    namespace/cgroup of the guest domain.
    Closes LP: #2117467.

 -- Bhavin Gandhi <email address hidden> Tue, 22 Jul 2025 13:50:20 +0530

2117467 Multipath device's targets are not added to domain namespace/cgroup

Version: 8.0.0-1ubuntu7.12 2025-07-16 23:07:21 UTC

  libvirt (8.0.0-1ubuntu7.12) jammy; urgency=medium

  * d/p/u/lp2106812-cpu_map-Drop-mpx-from-x86-cpu-models.patch:
    Memory protection extensions (MPX) were introduced in Intel Skylake
    generation CPUs and provided hardware support for bound checking. This
    feature will not be supported in Intel CPUs beginning with the Ice Lake
    generation. Remove missing mpx feature so that libvirt correctly detects
    CPU models (Icelake, ..) instead of the old Blackwell (LP: #2106812)

 -- Hector Cao <email address hidden> Wed, 23 Apr 2025 03:41:12 +0200

2106812 Emeralds rapids CPU cannot use Skylake to Icelake feature sets on Jammy 22.04 LTS and Noble 24.04 LTS

Version: 8.0.0-1ubuntu7.11 2025-04-29 12:07:10 UTC

  libvirt (8.0.0-1ubuntu7.11) jammy; urgency=medium

  * d/p/u/lp-2077336-drop-tpm-tis-arch-validation-*.patch: Drop tpm-tis
    validation and fix armv7l VM creation. (LP: #2077336)

 -- Sergio Durigan Junior <email address hidden> Wed, 04 Sep 2024 21:27:45 -0400

2077336 Creation of armv7l vm fails due to tpm-tis


