[ubuntu/lucid-security] libvirt_0.7.5-5ubuntu27.5_powerpc_translations.tar.gz (delayed), libvirt_0.7.5-5ubuntu27.5_amd64_translations.tar.gz, libvirt_0.7.5-5ubuntu27.5_armel_translations.tar.gz, libvirt, libvirt_0.7.5-5ubuntu27.5_i386_translations.tar.gz, libvirt_0.7.5-5ubuntu27.5_ia64_translations.tar.gz 0.7.5-5ubuntu27.5 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Oct 21 23:04:42 BST 2010 

libvirt (0.7.5-5ubuntu27.5) lucid-security; urgency=low

  * SECURITY UPDATE: fix multiple issues with disk format for backing stores
    which could allow a privileged guest user to access arbitrary files on
    the host.
    - debian/patches/9900-CVE-2010-2237-2238-2239.patch:
      + update security drivers to honor the user defined disk format when
        looking up disk backing stores
      + update security drivers to honor the defined backing store disk format
        when recursing into disk image backing stores
      + explicitly set the user defined backing store format when creating a
        new image
    - migrate virtual machine definitions with non-raw disks and previously
      unspecified disk format with a one time probe on upgrades:
      + add debian/libvirt-migrate-qemu-disks
      + add debian/libvirt-migrate-qemu-disks.1
      + debian/libvirt-bin.postinst: updated to run
        'libvirt-migrate-qemu-disks -a' on upgrades
      + debian/rules: cp debian/libvirt-migrate-qemu-disks into place
      + debian/libvirt-bin.manpages: install libvirt-migrate-qemu-disks.1
      + debian/README.Debian: updated for libvirt-migrate-qemu-disks
    - CVE-2010-2237
    - CVE-2010-2238
    - CVE-2010-2239
  * SECURITY UPDATE: fix to disallow privileged users in guests from accessing
    privileged resources, such as NFS
    - debian/patches/9901-CVE-2010-2242.patch: set iptables masqerading rules
      to use ports 1024-65535
    - CVE-2010-2242

Date: Wed, 01 Sep 2010 10:22:04 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/libvirt/0.7.5-5ubuntu27.5
-------------- next part --------------
Format: 1.8
Date: Wed, 01 Sep 2010 10:22:04 -0500
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source
Version: 0.7.5-5ubuntu27.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Changes: 
 libvirt (0.7.5-5ubuntu27.5) lucid-security; urgency=low
 .
   * SECURITY UPDATE: fix multiple issues with disk format for backing stores
     which could allow a privileged guest user to access arbitrary files on
     the host.
     - debian/patches/9900-CVE-2010-2237-2238-2239.patch:
       + update security drivers to honor the user defined disk format when
         looking up disk backing stores
       + update security drivers to honor the defined backing store disk format
         when recursing into disk image backing stores
       + explicitly set the user defined backing store format when creating a
         new image
     - migrate virtual machine definitions with non-raw disks and previously
       unspecified disk format with a one time probe on upgrades:
       + add debian/libvirt-migrate-qemu-disks
       + add debian/libvirt-migrate-qemu-disks.1
       + debian/libvirt-bin.postinst: updated to run
         'libvirt-migrate-qemu-disks -a' on upgrades
       + debian/rules: cp debian/libvirt-migrate-qemu-disks into place
       + debian/libvirt-bin.manpages: install libvirt-migrate-qemu-disks.1
       + debian/README.Debian: updated for libvirt-migrate-qemu-disks
     - CVE-2010-2237
     - CVE-2010-2238
     - CVE-2010-2239
   * SECURITY UPDATE: fix to disallow privileged users in guests from accessing
     privileged resources, such as NFS
     - debian/patches/9901-CVE-2010-2242.patch: set iptables masqerading rules
       to use ports 1024-65535
     - CVE-2010-2242
Checksums-Sha1: 
 b5f2f9a0f9e09b93e8a985ad36eca8529b229b44 1996 libvirt_0.7.5-5ubuntu27.5.dsc
 4057eef0188da3409d93019d94dfed30b4a1437e 77212 libvirt_0.7.5-5ubuntu27.5.diff.gz
Checksums-Sha256: 
 ded790c98f747d7dbccede1bbddedad3c37ac3e96e49fb23603ac3818d0e86df 1996 libvirt_0.7.5-5ubuntu27.5.dsc
 a930fe1433ddcab48179d4027c4ba4cc2bd1eecff91e3a66f8a405aa5431bb74 77212 libvirt_0.7.5-5ubuntu27.5.diff.gz
Files: 
 ee13002bfba6799f6c19de6e6f9be91f 1996 libs optional libvirt_0.7.5-5ubuntu27.5.dsc
 fa5e47e0019f1433b96f8bd43609fbfa 77212 libs optional libvirt_0.7.5-5ubuntu27.5.diff.gz
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>

More information about the Lucid-changes mailing list