[ubuntu/xenial-security] libvirt 1.3.1-1ubuntu10.19 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Feb 20 19:13:43 UTC 2018
libvirt (1.3.1-1ubuntu10.19) xenial-security; urgency=medium
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: resource exhaustion resulting in DoS
- debian/patches/CVE-2018-5748.patch: avoid DoS reading from
QEMU monitor in src/qemu/qemu_monitor.c.
- CVE-2018-5748
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2016-5008.patch: let empty default VNC
password work as documented in src/qemu/qemu_hotplug.c.
- CVE-2016-5008
[ Marc Deslauriers ]
* SECURITY UPDATE: code injection via libnss_dns.so
- debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
- debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
- debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
- CVE-2018-6764
libvirt (1.3.1-1ubuntu10.18) xenial; urgency=medium
* virsh api is stuck when vm is down with NFS borken (LP: #1746630)
- d/p/0001-qemu-driver-Remove-unnecessary-flag-in-qemuDomainGet.patch
qemu: driver: Remove unnecessary flag in qemuDomainGetStatsBlock
- d/p/0002-qemu-driver-Separate-bulk-stats-worker-for-block-dev.patch
qemu: driver: Separate bulk stats worker for block devices
- d/p/0003-qemu-bulk-stats-Don-t-access-possibly-blocked-storag.patch
qemu: bulk stats: Don't access possibly blocked storage
Date: 2018-02-16 14:33:14.488027+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.19
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list