[ubuntu/wily-security] libvirt 1.2.16-2ubuntu11.15.10.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jan 12 17:41:01 UTC 2016
libvirt (1.2.16-2ubuntu11.15.10.2) wily-security; urgency=medium
* SECURITY UPDATE: denial of service via NFS pool volume creation failure
- debian/patches/CVE-2015-5247.patch: correct the mode check in
src/storage/storage_backend.c, handle failure from refreshVol in
src/storage/storage_driver.c, introduce virFileUnlink in
src/libvirt_private.syms, src/storage/storage_backend_fs.c,
src/util/virfile.c, src/util/virfile.h.
- CVE-2015-5247
* SECURITY UPDATE: ACL bypass using storage pool directory traversal
- debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
src/storage/storage_backend_fs.c.
- CVE-2015-5313
Date: 2016-01-08 16:01:14.113620+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libvirt/1.2.16-2ubuntu11.15.10.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Wily-changes
mailing list