UbuntuUpdates.org

Package "libvirt0"

Name: libvirt0

Description:

library for interfacing with different virtualization systems
Latest version: 8.0.0-1ubuntu7.17
Release: jammy (22.04)
Level: updates
Repository: main
Head package: libvirt
Homepage: https://libvirt.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libvirt0"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libvirt0" in Jammy

Repository Area Version
base main 8.0.0-1ubuntu7
security main 8.0.0-1ubuntu7.15
proposed main 8.0.0-1ubuntu7.17

Changelog

Version: 8.0.0-1ubuntu7.17 2026-06-18 16:07:36 UTC

  libvirt (8.0.0-1ubuntu7.17) jammy; urgency=medium

  * Fix excessive memory allocation when physical_package_id is large
    (LP: #2153530).
    - d/p/ubuntu/lp2153530-fix-max-socket-calculation.patch: compute socket
      count from unique package IDs instead of the maximum value.

 -- Seyeong Kim <email address hidden> Thu, 21 May 2026 03:50:35 +0000
Source diff to previous version
2153530 libvirt: excessive memory allocation / OOM when physical_package_id is large

Version: 8.0.0-1ubuntu7.16 2026-04-22 02:08:21 UTC

  libvirt (8.0.0-1ubuntu7.16) jammy; urgency=medium

  * Enable MSR kernel module load (LP: #2106791)
    In recent CPUs, some CPU features detection is done by reading
    Model Specific Registers (MSR). To do that, libvirt needs the
    msr kernel module to be loaded.
     - d/p/d/x86-install-modules-load.d-file-to-load-msr-module.patch
     - d/rules : install msr.conf file for libvirt-daemon-system only
       for affected arches (x86)
     - d/libvirt-daemon-system.postinst : trigger the module load

    The conf file is added to libvirt-daemon-system instead of libvirt-common
    in later releases. libvirt-common already breaks/replaces
    libvirt-daemon-system and therefore no further changes to allow upgrades
    are needed.

 -- Hector Cao <email address hidden> Wed, 04 Feb 2026 11:49:12 +0100
Source diff to previous version
2106791 Emerald Rapids cannot be used as Sapphire Rapids on Ubuntu due to TSX features

Version: 8.0.0-1ubuntu7.15 2026-01-08 21:11:27 UTC

  libvirt (8.0.0-1ubuntu7.15) jammy-security; urgency=medium

  * SECURITY UPDATE: memory consumption DoS via XML parsing
    - debian/patches/CVE-2025-12748-pre1.patch: move unlinking corrupt save
      image file to caller in src/qemu/qemu_driver.c,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-pre2.patch: decompose qemuSaveImageOpen
      in src/qemu/qemu_driver.c, src/qemu/qemu_saveimage.c,
      src/qemu/qemu_saveimage.h, src/qemu/qemu_snapshot.c
    - debian/patches/CVE-2025-12748-pre3.patch: check for valid save image
      format when verifying image header in src/qemu/qemu_saveimage.c.
    - debian/patches/CVE-2025-12748-1.patch: add virDomainDefIDsParseString
      in src/conf/domain_conf.c, src/conf/domain_conf.h,
      src/libvirt_private.syms.
    - debian/patches/CVE-2025-12748-2.patch: check ACLs before parsing the
      whole domain XML in src/bhyve/bhyve_driver.c.
    - debian/patches/CVE-2025-12748-3.patch: check ACLs before parsing the
      whole domain XML in src/libxl/libxl_driver.c,
    - debian/patches/CVE-2025-12748-4.patch: check ACLs before parsing the
      whole domain XML in src/lxc/lxc_driver.c.
    - debian/patches/CVE-2025-12748-5.patch: check ACLs before parsing the
      whole domain XML in src/vz/vz_driver.c.
    - debian/patches/CVE-2025-12748-6.patch: check ACLs before parsing the
      whole domain XML in src/ch/ch_driver.c.
    - debian/patches/CVE-2025-12748-7.patch: check ACLs before parsing the
      whole domain XML in src/qemu/qemu_driver.c,
      src/qemu/qemu_migration.c, src/qemu/qemu_migration.h,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-8.patch: fix typo in bhyve driver in
      src/bhyve/bhyve_driver.c.
    - CVE-2025-12748
  * SECURITY UPDATE: incorrect world-readable permissions on snapshots
    - debian/patches/CVE-2025-13193.patch: set umask for qemu-img when
      creating external inactive snapshots in src/qemu/qemu_snapshot.c.
    - CVE-2025-13193

 -- Marc Deslauriers <email address hidden> Mon, 08 Dec 2025 13:08:06 -0500
Source diff to previous version
CVE-2025-12748 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL c
CVE-2025-13193 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivil

Version: 8.0.0-1ubuntu7.14 2025-10-23 00:07:30 UTC

  libvirt (8.0.0-1ubuntu7.14) jammy; urgency=medium

  * d/p/u-aa/lp2120278-* : virt-aa-helper: Avoid duplicate when append rule
    (LP: #2120278)

 -- Hector Cao <email address hidden> Tue, 14 Oct 2025 22:38:25 +0000
Source diff to previous version
2120278 Apparmor /dev/net/tun overflow

Version: 8.0.0-1ubuntu7.13 2025-10-08 12:07:28 UTC

  libvirt (8.0.0-1ubuntu7.13) jammy; urgency=medium

  * d/p/u/lp-2117467-virdevmapper-device-name-for-targets.patch:
    virdevmapper: Always use device name for finding targets. This ensures
    that all the target devices of a multipath device are added to the
    namespace/cgroup of the guest domain.
    Closes LP: #2117467.

 -- Bhavin Gandhi <email address hidden> Tue, 22 Jul 2025 13:50:20 +0530
2117467 Multipath device's targets are not added to domain namespace/cgroup


About   -   Send Feedback to @ubuntu_updates