Information on source package libvirt

Available versions

Release             Version
stretch             3.0.0-4+deb9u4
stretch (security)  3.0.0-4+deb9u5
buster              5.0.0-4+deb10u1
bullseye            7.0.0-3
bookworm            7.6.0-1
sid                 7.6.0-1

Open issues

Bug             stretch              buster               bullseye             bookworm  sid    Description
CVE-2021-3975   vulnerable (no DSA)  vulnerable (no DSA)  vulnerable (no DSA)  fixed     fixed  segmentation fault during VM shutdown can lead to vdsm hung
CVE-2021-3667   fixed                vulnerable (no DSA)  vulnerable (no DSA)  fixed     fixed
CVE-2021-3631   vulnerable (no DSA)  vulnerable (no DSA)  vulnerable (no DSA)  fixed     fixed  insecure sVirt label generation
CVE-2020-25637  fixed                vulnerable (no DSA)  fixed                fixed     fixed  A double free memory issue was found to occur in the libvirt API, in v ...
CVE-2020-12430  fixed                vulnerable (no DSA)  fixed                fixed     fixed  An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...
CVE-2020-10703  fixed                vulnerable (no DSA)  fixed                fixed     fixed  A NULL pointer dereference was found in the libvirt API responsible in ...
CVE-2019-20485  vulnerable (no DSA)  vulnerable (no DSA)  fixed                fixed     fixed  qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...
CVE-2019-3840   vulnerable (no DSA)  fixed                fixed                fixed     fixed  A NULL pointer dereference flaw was discovered in libvirt before versi ...

Resolved issues

Bug               Description
CVE-2021-3559     A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...
CVE-2020-15708    Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...
CVE-2020-14339    A flaw was found in libvirt, where it leaked a file descriptor for `/d ...
CVE-2020-14301    An information disclosure vulnerability was found in libvirt in versio ...
CVE-2020-10701    A missing authorization flaw was found in the libvirt API responsible ...
CVE-2019-10168    The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...
CVE-2019-10167    The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...
CVE-2019-10166    It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...
CVE-2019-10161    It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...
CVE-2019-10132    A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admi ...
CVE-2019-3886     An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...
CVE-2018-6764     util/virlog.c in libvirt does not properly determine the hostname on L ...
CVE-2018-5748     qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of s ...
CVE-2018-1064     libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustio ...
CVE-2017-1000256  libvirt version 2.3.0 and later is vulnerable to a bad default configu ...
CVE-2017-2635     A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 ...
CVE-2016-10746    libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...
CVE-2016-5008     libvirt before 2.0.0 improperly disables password checking when the pa ...
CVE-2015-5313     Directory traversal vulnerability in the virStorageBackendFileSystemVo ...
CVE-2015-5247     The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...
CVE-2015-5160     libvirt before 2.2 includes Ceph credentials on the qemu command line ...
CVE-2015-0236     libvirt before 1.2.12 allow remote authenticated users to obtain the V ...
CVE-2014-8136     The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 func ...
CVE-2014-8135     The storageVolUpload function in storage/storage_driver.c in libvirt b ...
CVE-2014-8131     The qemu implementation of virConnectGetAllDomainStats in libvirt befo ...
CVE-2014-7823     The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote rea ...
CVE-2014-5177     libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access con ...
CVE-2014-3657     The virDomainListPopulate function in conf/domain_conf.c in libvirt be ...
CVE-2014-3633     The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...
CVE-2014-1447     Race condition in the virNetServerClientStartKeepAlive function in lib ...
CVE-2014-0179     libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...
CVE-2014-0028     libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypa ...
CVE-2013-7336     The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in lib ...
CVE-2013-6458     Multiple race conditions in the (1) virDomainBlockStats, (2) virDomain ...
CVE-2013-6457     The libxlDomainGetNumaParameters function in the libxl driver (libxl/l ...
CVE-2013-6456     The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allow ...
CVE-2013-6436     The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...
CVE-2013-5651     The virBitmapParse function in util/virbitmap.c in libvirt before 1.1. ...
CVE-2013-4401     The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...
CVE-2013-4400     virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...
CVE-2013-4399     The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...
CVE-2013-4311     libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...
CVE-2013-4297     The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1. ...
CVE-2013-4296     The remoteDispatchDomainMemoryStats function in daemon/remote.c in lib ...
CVE-2013-4292     libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of servic ...
CVE-2013-4291     The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1. ...
CVE-2013-4239     The xenDaemonListDefinedDomains function in xen/xend_internal.c in lib ...
CVE-2013-4154     The qemuAgentCommand function in libvirt before 1.1.1, when a guest ag ...
CVE-2013-4153     Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qe ...
CVE-2013-2230     The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows re ...
CVE-2013-2218     Double free vulnerability in the virConnectListAllInterfaces method in ...
CVE-2013-1962     The remoteDispatchStoragePoolListAllVolumes function in the storage po ...
CVE-2013-1766     libvirt 1.0.2 and earlier sets the group owner to kvm for device files ...
CVE-2013-0170     Use-after-free vulnerability in the virNetMessageFree function in rpc/ ...
CVE-2012-4423     The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...
CVE-2012-3445     The virTypedParameterArrayClear function in libvirt 0.9.13 does not pr ...
CVE-2012-2693     libvirt, possibly before 0.9.12, does not properly assign USB devices ...
CVE-2011-4600     The networkReloadIptablesRules function in network/bridge_driver.c in ...
CVE-2011-2511     Integer overflow in libvirt before 0.9.3 allows remote authenticated u ...
CVE-2011-2178     The virSecurityManagerGetPrivateData function in security/security_man ...
CVE-2011-1486     libvirtd in libvirt before 0.9.0 does not use thread-safe error report ...
CVE-2011-1146     libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restri ...
CVE-2010-2242     Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...
CVE-2010-2239     Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images with ...
CVE-2010-2238     Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ...
CVE-2010-2237     Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ...
CVE-2009-0036     Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...
CVE-2008-5086     Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...

Security announcements

DSA / DLA   Description
DLA-2395-1  libvirt - security update
DLA-1832-1  libvirt - security update
DSA-4469-1  libvirt - security update
DLA-1772-1  libvirt - security update
DLA-1315-1  libvirt - security update
DSA-4137-1  libvirt - security update
DSA-4003-1  libvirt - security update
DSA-3613-1  libvirt - security update
DLA-541-1   libvirt - security update
DSA-3038-1  libvirt - security update
DSA-2846-1  libvirt - several
DSA-2764-1  libvirt - programming error
DSA-2650-1  libvirt - files and device nodes ownership change to kvm group
DSA-2280-1  libvirt - several
DSA-2194-1  libvirt - privilege escalation
