Univention Bugzilla – Bug 46676
libvirt: Multiple issues (4.3)
Last modified: 2018-05-16 17:04:14 CEST
New Debian libvirt 3.0.0-4+deb9u3A~4.3.0.201803150704 fixes:

This update addresses the following issues:
* CVE-2018-1064: avoid denial of service reading from QEMU guest agent
* CVE-2018-6764: virlog: determine the hostname on startup

CVE-2018-6764 libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
CVE-2018-1064
[4.3-0] e88703a480 Bug #46676: libvirt_3.0.0-4+deb9u3A~4.3.0.201803150704 Imported from Debian-Stretch, Patches merged automatically, rebuild
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libvirt_3.0.0-4+deb9u1A~4.3.0.201711231149.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/libvirt_3.0.0-4+deb9u3A~4.3.0.201803150704.dsc @@ -1,4 +1,4 @@ -3.0.0-4+deb9u1A~4.3.0.201711231149 [Thu, 23 Nov 2017 11:54:21 +0100] Univention builddaemon <buildd@univention.de>: +3.0.0-4+deb9u3A~4.3.0.201803150704 [Thu, 15 Mar 2018 15:20:21 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-35768-Bug-39685-Remove-UCS-dependencies @@ -10,6 +10,20 @@ 0025-Bug-40318-libvirt-Handle-qemu-kvm-1.1.2-migration-in 0026-Bug-21501-add-slash-screen-support +3.0.0-4+deb9u3 [Mon, 12 Mar 2018 19:11:51 +0100] Guido Günther <agx@sigxcpu.org>: + + * gbp: switch branch to stretch + * CVE-2018-1064: qemu: avoid denial of service reading from QEMU guest agent + * CVE-2018-6764: virlog: determine the hostname on startup + (Closes: #889839) + +3.0.0-4+deb9u2 [Sat, 20 Jan 2018 17:51:39 +0100] Guido Günther <agx@sigxcpu.org>: + + * CVE-2018-5748: qemu: avoid denial of service reading from QEMU monitor + (Closes: #887700) + * qemu: shared disks with cache=directsync should be safe for migration. + Thanks to Carsten Burkhardt (Closes: #883208) + 3.0.0-4+deb9u1 [Mon, 16 Oct 2017 22:48:55 +0200] Guido Günther <agx@sigxcpu.org>: * CVE-2017-1000256: qemu: ensure TLS clients always verify the server
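Review bot: the second hunk (@@ -10,6 +10,20 @@) imports the 3.0.0-4+deb9u2 changelog entry along with deb9u3, so this update also carries the CVE-2018-5748 fix (denial of service reading from QEMU monitor), yet the issue list in the bug description names only CVE-2018-1064 and CVE-2018-6764. Add CVE-2018-5748 to the advisory text so that systems moving from deb9u1 straight to deb9u3 are documented as covered for all three issues.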
* UCS specific patches merged and applied during build
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory: CVE-2018-5748 missing?
(In reply to Arvid Requate from comment #3)
> * Advisory: CVE-2018-5748 missing?

Yes, added:

[4.3-0] 89aab99e5b Bug #46676: libvirt 3.0.0-4+deb9u3 YAML fix
 doc/errata/staging/libvirt.yaml | 2 ++
 1 file changed, 2 insertions(+)
<http://errata.software-univention.de/ucs/4.3/58.html>