[ubuntu-cloud-archive/mitaka-proposed] libvirt (Accepted)

Corey Bryant corey.bryant at canonical.com
Thu Mar 29 19:41:18 UTC 2018


 libvirt (1.3.1-1ubuntu10.19~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 libvirt (1.3.1-1ubuntu10.19) xenial-security; urgency=medium
 .
   [ Leonidas S. Barbosa ]
   * SECURITY UPDATE: resource exhaustion resulting in DoS
     - debian/patches/CVE-2018-5748.patch: avoid DoS reading from
       QEMU monitor in src/qemu/qemu_monitor.c.
     - CVE-2018-5748
   * SECURITY UPDATE: Bypass authentication
     - debian/patches/CVE-2016-5008.patch: let empty default VNC
       password work as documented in src/qemu/qemu_hotplug.c.
     - CVE-2016-5008
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: code injection via libnss_dns.so
     - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
       startup in src/util/virlog.c.
     - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
       src/util/virlog.c.
     - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
       in cfg.mk, src/util/virlog.c.
     - CVE-2018-6764

Date: Thu, 29 Mar 2018 15:13:30 -0400
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Signed-By: Corey Bryant <corey.bryant at canonical.com> 
Published-By: Corey Bryant <corey.bryant at canonical.com>


More information about the Cloud-archive-changes mailing list