[ubuntu/trusty-security] libvirt 1.2.2-0ubuntu13.1.16 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jan 12 17:41:01 UTC 2016 

libvirt (1.2.2-0ubuntu13.1.16) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect ACL check handling
    - debian/patches/CVE-2014-8136.patch: properly unlock vm on failed ACL
      check in src/qemu/qemu_driver.c.
    - CVE-2014-8136
  * SECURITY UPDATE: VNC password leak via snapshots and save images
    - debian/patches/CVE-2015-0236.patch: check ACLs when dumping security
      info in src/qemu/qemu_driver.c, src/remote/remote_protocol.x.
    - CVE-2015-0236
  * SECURITY UPDATE: ACL bypass using storage pool directory traversal
    - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
      src/storage/storage_backend_fs.c.
    - CVE-2015-5313
  * This package does _not_ contain the changes from 1.2.2-0ubuntu13.1.15
    in trusty-proposed.

libvirt (1.2.2-0ubuntu13.1.14) trusty; urgency=medium

  [ Seyeong Kim ]
  * d/p/fix_libvirtd_killed_by_sigsegv.patch: fix incorrect backport
    (LP: #1464175)

libvirt (1.2.2-0ubuntu13.1.13) trusty; urgency=medium

  [ Seyeong Kim ]
  * virObjectUnref() libvirtd killed by SIGSEGV (LP: #1464175)
    - upstream, util: identity: Harden virIdentitySetCurrent()
    - upstream, daemon: Clear fake domain def object that is used to check 
      ACL prior to use
    - upstream, rpc: Don't unref identity object while callbacks still can 
      be executed

  [ Edward Hope-Morley ]
  * Add post-start to upstart (/etc/init/libvirt-bin.conf) and
    sysv (/etc/init.d/libvirt-bin) to ensure libvirt-sock
    created before up (LP: #1455608)

  * Re-enable Support-incoming-migration-from-13.10-hosts.patch. (LP: #1425619)

libvirt (1.2.2-0ubuntu13.1.12) trusty-proposed; urgency=medium

  * Drop Support-incoming-migration-from-13.10-hosts.patch as it failed
    verification.

libvirt (1.2.2-0ubuntu13.1.11) trusty-proposed; urgency=medium

  * Support-incoming-migration-from-13.10-hosts.patch (LP: #1425619)
  * qemu-filterref-crash.patch: fix crash when removing filterref from
    interfaces (LP: #1448205)
  * storage_backend_rbd-correct-arg-order-to-rbd_create3: fix reversed
    arguments to rbd_create3.  (LP: #1447030)

libvirt (1.2.2-0ubuntu13.1.10) trusty-proposed; urgency=medium

  * 9035-qemu-snapshot-save-persistent-domain-config: upstream fix for a
    regression where persistent domain config was not saved after an external
    snapshot.  (LP: #1403841)
  * 9036-dont-fail-without-cpu-model.patch: fix virsh safe with cpu mode =
    host-passthrough (LP: #1262641)

libvirt (1.2.2-0ubuntu13.1.9) trusty-proposed; urgency=medium

  * apparmor libvirt-qemu template: allow reading charm-specific ceph config
    and allow reading under /tmp and /var/tmp (for SRU only)  (LP: #1403648)
  * numa-cgroups-fix-cpuset-mems-init.patch - cherrypicked, refreshed patch
    (by Richard Laager) to fix failure to start on numa node 1 (LP: #1404388)
  * libvirt-qemu: add r to sgabios.bin (LP: #1393548)

libvirt (1.2.2-0ubuntu13.1.8) trusty-proposed; urgency=medium

  * complete the 9p support: (LP: #1378434)
    - libvirt-qemu: add fowner and fsetid
    - virt-aa-helper: add 'l' to 9p file options
  * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r
    (LP: #1374554)
  * add mising apparmor permissions for slof (LP: #1374554)

Date: 2016-01-08 16:00:26.017856+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.16
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list