UbuntuUpdates.org

Package "libvirt0-dbg"

Name: libvirt0-dbg

Description:

library for interfacing with different virtualization systems

Latest version: 1.2.2-0ubuntu13.1.28
Release: trusty (14.04)
Level: security
Repository: main
Head package: libvirt
Homepage: http://libvirt.org

Links


Download "libvirt0-dbg"


Other versions of "libvirt0-dbg" in Trusty

Repository Area Version
base main 1.2.2-0ubuntu13
updates main 1.2.2-0ubuntu13.1.28

Changelog

Version: 1.2.2-0ubuntu13.1.7 2014-11-11 20:06:28 UTC

  libvirt (1.2.2-0ubuntu13.1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via virConnectListAllDomains
    - debian/patches/CVE-2014-3633.patch: fix domain deadlock in
      src/conf/domain_conf.c.
    - CVE-2014-3633
  * SECURITY UPDATE: xml information leak with read-only connections
    - debian/patches/CVE-2014-7823.patch: check for migratable flag in
      src/libvirt.c, src/remote/remote_protocol.x.
    - CVE-2014-3657
 -- Marc Deslauriers <email address hidden> Mon, 10 Nov 2014 19:48:54 -0500

Source diff to previous version
CVE-2014-3633 qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
CVE-2014-7823 dumpxml: information leak with migratable flag
CVE-2014-3657 The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remo

Version: 1.2.2-0ubuntu13.1.5 2014-09-30 19:06:39 UTC

  libvirt (1.2.2-0ubuntu13.1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted XML document
    - debian/patches/CVE-2014-0179.patch: don't expand entities when
      parsing XML in src/util/virxml.c.
    - CVE-2014-0179
    - CVE-2014-5177
  * SECURITY UPDATE: denial of service or information disclosure via
    virDomainGetBlockIoTune
    - debian/patches/CVE-2014-3633.patch: use correct definition when
      looking up disk in src/qemu/qemu_driver.c.
    - CVE-2014-3633
 -- Marc Deslauriers <email address hidden> Mon, 29 Sep 2014 15:27:53 -0400

CVE-2014-0179 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing
CVE-2014-5177 libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML d
CVE-2014-3633 qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index



About   -   Send Feedback to @ubuntu_updates