UbuntuUpdates.org

Package "libvirt0"

Name: libvirt0

Description:

library for interfacing with different virtualization systems

Latest version: 1.3.1-1ubuntu10.27
Release: xenial (16.04)
Level: updates
Repository: main
Head package: libvirt
Homepage: http://libvirt.org

Links

Save this URL for the latest version of "libvirt0": https://www.ubuntuupdates.org/libvirt0


Download "libvirt0"


Other versions of "libvirt0" in Xenial

Repository Area Version
base main 1.3.1-1ubuntu10
security main 1.3.1-1ubuntu10.27
proposed main 1.3.1-1ubuntu10.28

Changelog

Version: 1.3.1-1ubuntu10.22 2018-05-03 18:07:10 UTC

  libvirt (1.3.1-1ubuntu10.22) xenial; urgency=medium

  * Fix clean shut down of guests on system shutdown (LP: #1764668)
    - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
    - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch

 -- Christian Ehrhardt <email address hidden> Wed, 25 Apr 2018 09:26:12 +0200

Source diff to previous version
1764668 guest cleanup script fails to iterate

Version: 1.3.1-1ubuntu10.21 2018-04-12 10:07:24 UTC

  libvirt (1.3.1-1ubuntu10.21) xenial; urgency=medium

  * d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch:
    backport further upstream fixes that were identified on verification.
    Together with the former change this fixes (LP: #1688508)
  * d/p/ubuntu/lp1753604-nwfilter-fix-lock-order-deadlock.patch:
    fix intermittent deadlock in NWFilter handling (LP: #1753604)

Source diff to previous version
1688508 libvirt-guests.sh fails to shutdown guests in parallel
1753604 libvirt-bin nwfilter deadlock

Version: 1.3.1-1ubuntu10.19 2018-02-21 00:07:37 UTC

  libvirt (1.3.1-1ubuntu10.19) xenial-security; urgency=medium

  [ Leonidas S. Barbosa ]
  * SECURITY UPDATE: resource exhaustion resulting in DoS
    - debian/patches/CVE-2018-5748.patch: avoid DoS reading from
      QEMU monitor in src/qemu/qemu_monitor.c.
    - CVE-2018-5748
  * SECURITY UPDATE: Bypass authentication
    - debian/patches/CVE-2016-5008.patch: let empty default VNC
      password work as documented in src/qemu/qemu_hotplug.c.
    - CVE-2016-5008

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code injection via libnss_dns.so
    - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
      startup in src/util/virlog.c.
    - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
      src/util/virlog.c.
    - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
      in cfg.mk, src/util/virlog.c.
    - CVE-2018-6764

 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2018 07:51:15 -0500

Source diff to previous version
CVE-2018-5748 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2016-5008 libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers
CVE-2018-6764 guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init

Version: 1.3.1-1ubuntu10.18 2018-02-15 23:06:25 UTC

  libvirt (1.3.1-1ubuntu10.18) xenial; urgency=medium

  * virsh api is stuck when vm is down with NFS borken (LP: #1746630)
    - d/p/0001-qemu-driver-Remove-unnecessary-flag-in-qemuDomainGet.patch
      qemu: driver: Remove unnecessary flag in qemuDomainGetStatsBlock
    - d/p/0002-qemu-driver-Separate-bulk-stats-worker-for-block-dev.patch
      qemu: driver: Separate bulk stats worker for block devices
    - d/p/0003-qemu-bulk-stats-Don-t-access-possibly-blocked-storag.patch
      qemu: bulk stats: Don't access possibly blocked storage

 -- Seyeong Kim <email address hidden> Thu, 01 Feb 2018 09:43:45 +0900

Source diff to previous version
1746630 virsh api is stuck when vm is down with NFS broken

Version: 1.3.1-1ubuntu10.17 2018-02-07 20:06:38 UTC

  libvirt (1.3.1-1ubuntu10.17) xenial-security; urgency=medium

  * SECURITY UPDATE: Add support for Spectre mitigations
    - debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for
      indirect branch prediction protection and add new *-IBRS CPU models.
    - debian/control: add Breaks to get updated qemu with new CPU models.
    - CVE-2017-5715

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:01:16 -0500

CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at



About   -   Send Feedback to @ubuntu_updates