UbuntuUpdates.org

Package "libvirt-dev"

Name: libvirt-dev

Description:

development files for the libvirt library

Latest version: 0.9.8-2ubuntu17.23
Release: precise (12.04)
Level: security
Repository: main
Head package: libvirt
Homepage: http://libvirt.org

Other versions of "libvirt-dev" in Precise

Repository  Area  Version
base        main  0.9.8-2ubuntu17
updates     main  0.9.8-2ubuntu17.23

Changelog

Version: 0.9.8-2ubuntu17.23 2016-01-12 19:07:11 UTC

  libvirt (0.9.8-2ubuntu17.23) precise-security; urgency=medium

  * SECURITY UPDATE: unintended firewall port exposure
    - debian/patches/CVE-2011-4600.patch: don't add iptables rules for
      externally managed networks in src/network/bridge_driver.c.
    - CVE-2011-4600

 -- Marc Deslauriers Fri, 08 Jan 2016 10:00:16 -0500

Version: 0.9.8-2ubuntu17.20 2014-09-30 19:06:37 UTC

  libvirt (0.9.8-2ubuntu17.20) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted XML document
    - debian/patches/CVE-2014-0179.patch: don't expand entities when
      parsing XML in src/util/xml.c.
    - CVE-2014-0179
  * SECURITY UPDATE: denial of service or information disclosure via
    virDomainGetBlockIoTune
    - debian/patches/CVE-2014-3633.patch: use correct definition when
      looking up disk in src/qemu/qemu_driver.c.
    - CVE-2014-3633
 -- Marc Deslauriers <email address hidden> Mon, 29 Sep 2014 15:47:47 -0400

CVE-2014-0179 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing
CVE-2014-3633 qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index

Version: 0.9.8-2ubuntu17.17 2014-01-30 21:06:38 UTC

  libvirt (0.9.8-2ubuntu17.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via job usage issues in several APIs
    - debian/patches/CVE-2013-6458.patch: fix races in
      src/qemu/qemu_driver.c. Backport virReportError macro to cfg.mk,
      src/util/virterror_internal.h.
    - CVE-2013-6458
  * SECURITY UPDATE: denial of service via keepalive feature
    - debian/patches/CVE-2014-1447.patch: make sure connection isn't closed
      in src/rpc/virnetserverclient.c.
    - CVE-2014-1447
 -- Marc Deslauriers <email address hidden> Mon, 20 Jan 2014 15:15:03 -0500

CVE-2013-6458 Multiple race conditions in the (1) virDomainBlockStats, (2) ...
CVE-2014-1447 Race condition in the virNetServerClientStartKeepAlive function in ...

Version: 0.9.8-2ubuntu17.13 2013-09-18 14:08:27 UTC

  libvirt (0.9.8-2ubuntu17.13) precise-security; urgency=low

  * SECURITY UPDATE: possible privilege escalation via pkcheck race.
    - debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in
      configure.ac, daemon/remote.c, src/Makefile.am,
      src/rpc/virnetserverclient.*, src/rpc/virnetsocket.c*,
      src/util/virprocess.*, src/util/virstring.*.
    - debian/patches/CVE-2013-4311-autotools.patch: autotools changes.
    - debian/control: specify version of policykit-1 security update, add
      libpolkit-gobject-1-dev to Build-Depends.
    - CVE-2013-4311
  * SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats
    - debian/patches/CVE-2013-4296.patch: properly initialize stats in
      daemon/remote.c.
    - CVE-2013-4296
 -- Marc Deslauriers <email address hidden> Fri, 13 Sep 2013 14:20:26 -0400

CVE-2013-4311 RESERVED
CVE-2013-4296 RESERVED

Version: 0.9.8-2ubuntu17.7 2013-01-29 17:06:45 UTC

  libvirt (0.9.8-2ubuntu17.7) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid RPC call
    - debian/patches/CVE-2012-4423.patch: properly check func in
      src/rpc/virnetserverprogram.c.
    - CVE-2012-4423
  * SECURITY UPDATE: denial of service and possible code execution via
    uninitialized pointer
    - debian/patches/CVE-2013-0170.patch: remove message from queue before
      freeing in src/rpc/virnetserverclient.c.
    - CVE-2013-0170
 -- Marc Deslauriers <email address hidden> Mon, 28 Jan 2013 16:00:15 -0500

CVE-2012-4423 libvirt DoS
CVE-2013-0170 libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code


