UbuntuUpdates.org

Package "libvirt"

Name: libvirt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • programs for the libvirt library
  • development files for the libvirt library
  • documentation for the libvirt library
  • library for interfacing with different virtualization systems
Latest version: 1.2.2-0ubuntu13.1.28
Release: trusty (14.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libvirt" in Trusty

Repository Area Version
base main 1.2.2-0ubuntu13
updates main 1.2.2-0ubuntu13.1.28

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.2.2-0ubuntu13.1.7 2014-11-11 20:06:28 UTC

  libvirt (1.2.2-0ubuntu13.1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via virConnectListAllDomains
    - debian/patches/CVE-2014-3633.patch: fix domain deadlock in
      src/conf/domain_conf.c.
    - CVE-2014-3633
  * SECURITY UPDATE: xml information leak with read-only connections
    - debian/patches/CVE-2014-7823.patch: check for migratable flag in
      src/libvirt.c, src/remote/remote_protocol.x.
    - CVE-2014-3657
 -- Marc Deslauriers <email address hidden> Mon, 10 Nov 2014 19:48:54 -0500
Source diff to previous version
CVE-2014-3633 qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
CVE-2014-7823 dumpxml: information leak with migratable flag
CVE-2014-3657 The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remo

Version: 1.2.2-0ubuntu13.1.5 2014-09-30 19:06:39 UTC

  libvirt (1.2.2-0ubuntu13.1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted XML document
    - debian/patches/CVE-2014-0179.patch: don't expand entities when
      parsing XML in src/util/virxml.c.
    - CVE-2014-0179
    - CVE-2014-5177
  * SECURITY UPDATE: denial of service or information disclosure via
    virDomainGetBlockIoTune
    - debian/patches/CVE-2014-3633.patch: use correct definition when
      looking up disk in src/qemu/qemu_driver.c.
    - CVE-2014-3633
 -- Marc Deslauriers <email address hidden> Mon, 29 Sep 2014 15:27:53 -0400
CVE-2014-0179 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing
CVE-2014-5177 libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML d
CVE-2014-3633 qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index


About   -   Send Feedback to @ubuntu_updates