UbuntuUpdates.org

Package "libvirt"

Name: libvirt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • programs for the libvirt library
  • development files for the libvirt library
  • documentation for the libvirt library
  • library for interfacing with different virtualization systems

Latest version: 1.3.1-1ubuntu10.26
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "libvirt": https://www.ubuntuupdates.org/libvirt



Other versions of "libvirt" in Xenial

Repository Area Version
base main 1.3.1-1ubuntu10
security main 1.3.1-1ubuntu10.26

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.1-1ubuntu10.21 2018-04-12 10:07:24 UTC

  libvirt (1.3.1-1ubuntu10.21) xenial; urgency=medium

  * d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch:
    backport further upstream fixes that were identified on verification.
    Together with the former change this fixes (LP: #1688508)
  * d/p/ubuntu/lp1753604-nwfilter-fix-lock-order-deadlock.patch:
    fix intermittent deadlock in NWFilter handling (LP: #1753604)

Source diff to previous version
1688508 libvirt-guests.sh fails to shutdown guests in parallel
1753604 libvirt-bin nwfilter deadlock

Version: 1.3.1-1ubuntu10.19 2018-02-21 00:07:37 UTC

  libvirt (1.3.1-1ubuntu10.19) xenial-security; urgency=medium

  [ Leonidas S. Barbosa ]
  * SECURITY UPDATE: resource exhaustion resulting in DoS
    - debian/patches/CVE-2018-5748.patch: avoid DoS reading from
      QEMU monitor in src/qemu/qemu_monitor.c.
    - CVE-2018-5748
  * SECURITY UPDATE: Bypass authentication
    - debian/patches/CVE-2016-5008.patch: let empty default VNC
      password work as documented in src/qemu/qemu_hotplug.c.
    - CVE-2016-5008

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code injection via libnss_dns.so
    - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
      startup in src/util/virlog.c.
    - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
      src/util/virlog.c.
    - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
      in cfg.mk, src/util/virlog.c.
    - CVE-2018-6764

 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2018 07:51:15 -0500

Source diff to previous version
CVE-2018-5748 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2016-5008 libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers
CVE-2018-6764 guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init

Version: 1.3.1-1ubuntu10.18 2018-02-15 23:06:25 UTC

  libvirt (1.3.1-1ubuntu10.18) xenial; urgency=medium

  * virsh api is stuck when vm is down with NFS borken (LP: #1746630)
    - d/p/0001-qemu-driver-Remove-unnecessary-flag-in-qemuDomainGet.patch
      qemu: driver: Remove unnecessary flag in qemuDomainGetStatsBlock
    - d/p/0002-qemu-driver-Separate-bulk-stats-worker-for-block-dev.patch
      qemu: driver: Separate bulk stats worker for block devices
    - d/p/0003-qemu-bulk-stats-Don-t-access-possibly-blocked-storag.patch
      qemu: bulk stats: Don't access possibly blocked storage

 -- Seyeong Kim <email address hidden> Thu, 01 Feb 2018 09:43:45 +0900

Source diff to previous version
1746630 virsh api is stuck when vm is down with NFS broken

Version: 1.3.1-1ubuntu10.17 2018-02-07 20:06:38 UTC

  libvirt (1.3.1-1ubuntu10.17) xenial-security; urgency=medium

  * SECURITY UPDATE: Add support for Spectre mitigations
    - debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for
      indirect branch prediction protection and add new *-IBRS CPU models.
    - debian/control: add Breaks to get updated qemu with new CPU models.
    - CVE-2017-5715

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:01:16 -0500

Source diff to previous version
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 1.3.1-1ubuntu10.15 2017-11-22 02:06:52 UTC

  libvirt (1.3.1-1ubuntu10.15) xenial; urgency=medium

  * d/p/storage-Don-t-pass-iso-format-to-qemu-img.patch: fix issues in virt
    clone and other users of storage_utils functions by not passing
    iso to qemu-img (LP: #1729858).

 -- Christian Ehrhardt <email address hidden> Mon, 06 Nov 2017 16:36:11 +0100

1729858 virt-clone fails with: Unknown driver 'iso'



About   -   Send Feedback to @ubuntu_updates