UbuntuUpdates.org

Package "libvirt"

Name: libvirt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Programs for the libvirt library
  • Virtualization daemon
  • Libvirt daemon configuration files (default network)
  • Libvirt daemon configuration files (default network filters)
Latest version: 10.0.0-2ubuntu8.11
Release: noble (24.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libvirt" in Noble

Repository Area Version
base universe 10.0.0-2ubuntu8
base main 10.0.0-2ubuntu8
security main 10.0.0-2ubuntu8.11
security universe 10.0.0-2ubuntu8.11
updates universe 10.0.0-2ubuntu8.11

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.0.0-2ubuntu8.11 2026-01-08 21:11:33 UTC

  libvirt (10.0.0-2ubuntu8.11) noble-security; urgency=medium

  * SECURITY UPDATE: memory consumption DoS via XML parsing
    - debian/patches/CVE-2025-12748-pre1.patch: move unlinking corrupt save
      image file to caller in src/qemu/qemu_driver.c,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-pre2.patch: decompose qemuSaveImageOpen
      in src/qemu/qemu_driver.c, src/qemu/qemu_saveimage.c,
      src/qemu/qemu_saveimage.h, src/qemu/qemu_snapshot.c
    - debian/patches/CVE-2025-12748-pre3.patch: check for valid save image
      format when verifying image header in src/qemu/qemu_saveimage.c.
    - debian/patches/CVE-2025-12748-1.patch: add virDomainDefIDsParseString
      in src/conf/domain_conf.c, src/conf/domain_conf.h,
      src/libvirt_private.syms.
    - debian/patches/CVE-2025-12748-2.patch: check ACLs before parsing the
      whole domain XML in src/bhyve/bhyve_driver.c.
    - debian/patches/CVE-2025-12748-3.patch: check ACLs before parsing the
      whole domain XML in src/libxl/libxl_driver.c,
    - debian/patches/CVE-2025-12748-4.patch: check ACLs before parsing the
      whole domain XML in src/lxc/lxc_driver.c.
    - debian/patches/CVE-2025-12748-5.patch: check ACLs before parsing the
      whole domain XML in src/vz/vz_driver.c.
    - debian/patches/CVE-2025-12748-6.patch: check ACLs before parsing the
      whole domain XML in src/ch/ch_driver.c.
    - debian/patches/CVE-2025-12748-7.patch: check ACLs before parsing the
      whole domain XML in src/qemu/qemu_driver.c,
      src/qemu/qemu_migration.c, src/qemu/qemu_migration.h,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-8.patch: fix typo in bhyve driver in
      src/bhyve/bhyve_driver.c.
    - CVE-2025-12748
  * SECURITY UPDATE: incorrect world-readable permissions on snapshots
    - debian/patches/CVE-2025-13193.patch: set umask for qemu-img when
      creating external inactive snapshots in src/qemu/qemu_snapshot.c.
    - CVE-2025-13193

 -- Marc Deslauriers <email address hidden> Mon, 08 Dec 2025 10:52:22 -0500
Source diff to previous version
CVE-2025-12748 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL c
CVE-2025-13193 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivil

Version: 10.0.0-2ubuntu8.10 2025-12-09 20:10:23 UTC

  libvirt (10.0.0-2ubuntu8.10) noble; urgency=medium

  * d/p/u-aa/lp2127492-*: apparmor: Allow AMD-SEV device access for
    AMD-SEV VM (LP: #2127492)

 -- Hector Cao <email address hidden> Wed, 12 Nov 2025 13:04:43 +0100
Source diff to previous version
2127492 permission denied for /dev/sev when run AMD-SEV ES VM

Version: 10.0.0-2ubuntu8.9 2025-10-07 12:07:07 UTC

  libvirt (10.0.0-2ubuntu8.9) noble; urgency=medium

  [ Bhavin Gandhi ]
  * d/p/u/lp-2117467-virdevmapper-device-name-for-targets.patch:
    virdevmapper: Always use device name for finding targets. This ensures
    that all the target devices of a multipath device are added to the
    namespace/cgroup of the guest domain.
    Closes LP: #2117467.

  [ Hector Cao ]
  * d/p/u-aa/lp2079869-* : virt-aa-helper: Avoid duplicate when append rule
    (LP: #2120278)

 -- Hector Cao <email address hidden> Wed, 17 Sep 2025 01:20:45 +0200
Source diff to previous version
2117467 Multipath device's targets are not added to domain namespace/cgroup
2120278 Apparmor /dev/net/tun overflow

Version: 10.0.0-2ubuntu8.8 2025-07-16 18:07:32 UTC

  libvirt (10.0.0-2ubuntu8.8) noble; urgency=medium

  [ Lukas Märdian ]
  * Move README.Debian to libvirt0 package (LP: #2108995).

  [ Hector Cao ]
  * d/p/u/lp2106812-cpu_map-Drop-mpx-from-x86-cpu-models.patch:
    Memory protection extensions (MPX) were introduced in Intel Skylake
    generation CPUs and provided hardware support for bound checking. This
    feature will not be supported in Intel CPUs beginning with the Ice Lake
    generation. Remove missing mpx feature so that libvirts detects correctly
    CPU models (Icelake, ..) instead of the old Blackwell (LP: #2106812)

 -- Lukas Märdian <email address hidden> Wed, 04 Jun 2025 09:53:50 +0200
Source diff to previous version
2108995 README.Debian file not being installed
2106812 Emeralds rapids CPU cannot use Skylake to Icelake feature sets on Jammy 22.04 LTS and Noble 24.04 LTS

Version: 10.0.0-2ubuntu8.7 2025-05-19 18:07:41 UTC

  libvirt (10.0.0-2ubuntu8.7) noble; urgency=medium

  [ Heinrich Schuchardt ]
  * Fix compiler macro to correctly detect RISC-V (LP: #2095488)
    - d/p/u/lp-2095488-virsysinfo-Try-reading-DMI-table.patch
    - d/p/u/lp-2095488-virsysinfo-fix-RISC-V-detection.patch

  [ Lukas Märdian ]
  * Add full boot order support on s390x (LP: #2051239)
    - d/p/u/lp2051239/1-qemu-capabilities-Add-QEMU_CAPS_VIRTIO_CCW_DEVICE.patch
    - d/p/u/lp2051239/2-qemu-command-add-multi-boot-device-support-on-s39.patch
  * apparmor: Allow SGX if configured (LP: #2100024)
    - d/p/u-aa/lp-2100024-Allow-SGX-if-configured.patch

 -- Lukas Märdian <email address hidden> Thu, 13 Mar 2025 17:25:50 +0100
2095488 [SRU] RISC-V: Host sysinfo extraction not supported on this platform
2051239 [25.04 FEAT] [VS1807] KVM: Full boot order support - libvirt part
2100024 apparmor: SGX EPC passthrough, cannot add memory module=sgx-epc


About   -   Send Feedback to @ubuntu_updates