[ubuntu/saucy-updates] libvirt 1.1.1-0ubuntu8.5 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jan 30 21:03:25 UTC 2014

libvirt (1.1.1-0ubuntu8.5) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via lxc guest and virsh memtune
    - debian/patches/CVE-2013-6436.patch: make sure domain is active in
    - CVE-2013-6436
  * SECURITY UPDATE: denial of service via job usage issues in several APIs
    - debian/patches/CVE-2013-6458.patch: fix races in
    - CVE-2013-6458
  * SECURITY UPDATE: information disclosure via incorrect permission checks
    - debian/patches/CVE-2014-0028.patch: properly apply acls to events in
      src/access/viraccessperm.h, src/conf/domain_event.*,
      src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
      src/qemu/qemu_driver.c, src/remote/remote_driver.c,
      src/remote/remote_protocol.x, src/test/test_driver.c,
      src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c.
    - CVE-2014-0028
  * SECURITY UPDATE: denial of service via keepalive feature
    - debian/patches/CVE-2014-1447.patch: make sure connection isn't closed
      in src/rpc/virnetserverclient.c.
    - CVE-2014-1447
  * SECURITY UPDATE: denial of service via reading libxl guest numa tables
    - debian/patches/CVE-2013-6457.patch: avoid invalid free in
    - CVE-2013-6457
  * This package does _not_ contain the changes from 1.1.1-0ubuntu8.3
    in saucy-proposed.

Date: 2014-01-30 13:09:14.443617+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Saucy-changes mailing list