[ubuntu/saucy-security] libvirt 1.1.1-0ubuntu8.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jan 30 20:29:41 UTC 2014

libvirt (1.1.1-0ubuntu8.5) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via lxc guest and virsh memtune
    - debian/patches/CVE-2013-6436.patch: make sure domain is active in
    - CVE-2013-6436
  * SECURITY UPDATE: denial of service via job usage issues in several APIs
    - debian/patches/CVE-2013-6458.patch: fix races in
    - CVE-2013-6458
  * SECURITY UPDATE: information disclosure via incorrect permission checks
    - debian/patches/CVE-2014-0028.patch: properly apply acls to events in
      src/access/viraccessperm.h, src/conf/domain_event.*,
      src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
      src/qemu/qemu_driver.c, src/remote/remote_driver.c,
      src/remote/remote_protocol.x, src/test/test_driver.c,
      src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c.
    - CVE-2014-0028
  * SECURITY UPDATE: denial of service via keepalive feature
    - debian/patches/CVE-2014-1447.patch: make sure connection isn't closed
      in src/rpc/virnetserverclient.c.
    - CVE-2014-1447
  * SECURITY UPDATE: denial of service via reading libxl guest numa tables
    - debian/patches/CVE-2013-6457.patch: avoid invalid free in
    - CVE-2013-6457
  * This package does _not_ contain the changes from 1.1.1-0ubuntu8.3
    in saucy-proposed.

libvirt (1.1.1-0ubuntu8.2) saucy-proposed; urgency=low

  * add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322)
  * debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251)
  * debian/apparmor/libvirt-qemu: allow access to hugepages mounts
    (LP: #1250216)

Date: 2014-01-30 13:09:14.443617+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Saucy-changes mailing list