UbuntuUpdates.org

Package "libvirt-daemon"

Name: libvirt-daemon

Description:

Virtualization daemon
Latest version: 10.0.0-2ubuntu8.13
Release: noble (24.04)
Level: updates
Repository: main
Head package: libvirt
Homepage: https://libvirt.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libvirt-daemon"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libvirt-daemon" in Noble

Repository Area Version
base main 10.0.0-2ubuntu8
security main 10.0.0-2ubuntu8.11
proposed main 10.0.0-2ubuntu8.13

Changelog

Version: 10.0.0-2ubuntu8.13 2026-04-09 18:09:41 UTC

  libvirt (10.0.0-2ubuntu8.13) noble; urgency=medium

  * d/p/u/lp2138902-*: prevent qemu virtiofs crash if cgroup is missing
    (LP: #2138902)

 -- Hector Cao <email address hidden> Wed, 18 Mar 2026 23:54:19 +0100
Source diff to previous version
2138902 session libvirtd crashes when hot adding filesystems

Version: 10.0.0-2ubuntu8.12 2026-03-03 18:08:00 UTC

  libvirt (10.0.0-2ubuntu8.12) noble; urgency=medium

  [ Hector Cao ]
  * Enable MSR kernel module load (LP: #2106791)
    In recent CPUs, some CPU features detection is done by reading
    Model Specific Registers (MSR). To do that, libvirt needs the
    msr kernel module to be loaded.
     - d/p/d/x86-install-modules-load.d-file-to-load-msr-module.patch
     - d/rules : install msr.conf file for libvirt-daemon-system only
       for affected arches (x86)
     - d/libvirt-daemon-system.postinst : trigger the module load

  [ Dmitriy Rabotyagov ]
  * debian/patches/ubuntu/lp-2133183-no-empty-string-tls-hostname.patch:
    Don't use empty string for 'tls-hostname' NBD blockdev.
    Thanks to Peter Krempa <email address hidden>. (LP: #2133183)

 -- Hector Cao <email address hidden> Wed, 04 Feb 2026 09:56:00 +0100
Source diff to previous version
2106791 Emerald Rapids cannot be used as Sapphire Rapids on Ubuntu due to TSX features
2133183 libvirt fails to live-migrate instances with non-shared storage, tls and live migrations

Version: 10.0.0-2ubuntu8.11 2026-01-08 21:11:33 UTC

  libvirt (10.0.0-2ubuntu8.11) noble-security; urgency=medium

  * SECURITY UPDATE: memory consumption DoS via XML parsing
    - debian/patches/CVE-2025-12748-pre1.patch: move unlinking corrupt save
      image file to caller in src/qemu/qemu_driver.c,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-pre2.patch: decompose qemuSaveImageOpen
      in src/qemu/qemu_driver.c, src/qemu/qemu_saveimage.c,
      src/qemu/qemu_saveimage.h, src/qemu/qemu_snapshot.c
    - debian/patches/CVE-2025-12748-pre3.patch: check for valid save image
      format when verifying image header in src/qemu/qemu_saveimage.c.
    - debian/patches/CVE-2025-12748-1.patch: add virDomainDefIDsParseString
      in src/conf/domain_conf.c, src/conf/domain_conf.h,
      src/libvirt_private.syms.
    - debian/patches/CVE-2025-12748-2.patch: check ACLs before parsing the
      whole domain XML in src/bhyve/bhyve_driver.c.
    - debian/patches/CVE-2025-12748-3.patch: check ACLs before parsing the
      whole domain XML in src/libxl/libxl_driver.c,
    - debian/patches/CVE-2025-12748-4.patch: check ACLs before parsing the
      whole domain XML in src/lxc/lxc_driver.c.
    - debian/patches/CVE-2025-12748-5.patch: check ACLs before parsing the
      whole domain XML in src/vz/vz_driver.c.
    - debian/patches/CVE-2025-12748-6.patch: check ACLs before parsing the
      whole domain XML in src/ch/ch_driver.c.
    - debian/patches/CVE-2025-12748-7.patch: check ACLs before parsing the
      whole domain XML in src/qemu/qemu_driver.c,
      src/qemu/qemu_migration.c, src/qemu/qemu_migration.h,
      src/qemu/qemu_saveimage.c, src/qemu/qemu_saveimage.h,
      src/qemu/qemu_snapshot.c.
    - debian/patches/CVE-2025-12748-8.patch: fix typo in bhyve driver in
      src/bhyve/bhyve_driver.c.
    - CVE-2025-12748
  * SECURITY UPDATE: incorrect world-readable permissions on snapshots
    - debian/patches/CVE-2025-13193.patch: set umask for qemu-img when
      creating external inactive snapshots in src/qemu/qemu_snapshot.c.
    - CVE-2025-13193

 -- Marc Deslauriers <email address hidden> Mon, 08 Dec 2025 10:52:22 -0500
Source diff to previous version
CVE-2025-12748 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL c
CVE-2025-13193 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivil

Version: 10.0.0-2ubuntu8.10 2025-12-09 20:10:23 UTC

  libvirt (10.0.0-2ubuntu8.10) noble; urgency=medium

  * d/p/u-aa/lp2127492-*: apparmor: Allow AMD-SEV device access for
    AMD-SEV VM (LP: #2127492)

 -- Hector Cao <email address hidden> Wed, 12 Nov 2025 13:04:43 +0100
Source diff to previous version
2127492 permission denied for /dev/sev when run AMD-SEV ES VM

Version: 10.0.0-2ubuntu8.9 2025-10-07 12:07:07 UTC

  libvirt (10.0.0-2ubuntu8.9) noble; urgency=medium

  [ Bhavin Gandhi ]
  * d/p/u/lp-2117467-virdevmapper-device-name-for-targets.patch:
    virdevmapper: Always use device name for finding targets. This ensures
    that all the target devices of a multipath device are added to the
    namespace/cgroup of the guest domain.
    Closes LP: #2117467.

  [ Hector Cao ]
  * d/p/u-aa/lp2079869-* : virt-aa-helper: Avoid duplicate when append rule
    (LP: #2120278)

 -- Hector Cao <email address hidden> Wed, 17 Sep 2025 01:20:45 +0200
2117467 Multipath device's targets are not added to domain namespace/cgroup
2120278 Apparmor /dev/net/tun overflow


About   -   Send Feedback to @ubuntu_updates