Information on source package libvirt

Available versions

ReleaseVersion
jessie (security)1.2.9-9+deb8u5
stretch (security)3.0.0-4+deb9u3
buster4.7.0-1
sid4.10.0-1

Open issues

BugjessiestretchbustersidDescription
CVE-2015-5160vulnerable (no DSA)fixedfixedfixedlibvirt before 2.2 includes Ceph credentials on the qemu command line ...

Resolved issues

BugDescription
CVE-2018-6764util/virlog.c in libvirt does not properly determine the hostname on ...
CVE-2018-5748qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of ...
CVE-2018-1064libvirt version before 4.2.0-rc1 is vulnerable to a resource ...
CVE-2017-2635A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ...
CVE-2017-1000256libvirt version 2.3.0 and later is vulnerable to a bad default ...
CVE-2016-5008libvirt before 2.0.0 improperly disables password checking when the ...
CVE-2015-5313Directory traversal vulnerability in the ...
CVE-2015-5247The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...
CVE-2015-0236libvirt before 1.2.12 allow remote authenticated users to obtain the ...
CVE-2014-8136The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 ...
CVE-2014-8135The storageVolUpload function in storage/storage_driver.c in libvirt ...
CVE-2014-8131The qemu implementation of virConnectGetAllDomainStats in libvirt ...
CVE-2014-7823The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote ...
CVE-2014-5177libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access ...
CVE-2014-3657The virDomainListPopulate function in conf/domain_conf.c in libvirt ...
CVE-2014-3633The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...
CVE-2014-1447Race condition in the virNetServerClientStartKeepAlive function in ...
CVE-2014-0179libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...
CVE-2014-0028libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to ...
CVE-2013-7336The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in ...
CVE-2013-6458Multiple race conditions in the (1) virDomainBlockStats, (2) ...
CVE-2013-6457The libxlDomainGetNumaParameters function in the libxl driver ...
CVE-2013-6456The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 ...
CVE-2013-6436The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...
CVE-2013-5651The virBitmapParse function in util/virbitmap.c in libvirt before ...
CVE-2013-4401The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...
CVE-2013-4400virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...
CVE-2013-4399The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...
CVE-2013-4311libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...
CVE-2013-4297The virFileNBDDeviceAssociate function in util/virfile.c in libvirt ...
CVE-2013-4296The remoteDispatchDomainMemoryStats function in daemon/remote.c in ...
CVE-2013-4292libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of ...
CVE-2013-4291The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, ...
CVE-2013-4239The xenDaemonListDefinedDomains function in xen/xend_internal.c in ...
CVE-2013-4154The qemuAgentCommand function in libvirt before 1.1.1, when a guest ...
CVE-2013-4153Double free vulnerability in the qemuAgentGetVCPUs function in ...
CVE-2013-2230The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows ...
CVE-2013-2218Double free vulnerability in the virConnectListAllInterfaces method in ...
CVE-2013-1962The remoteDispatchStoragePoolListAllVolumes function in the storage ...
CVE-2013-1766libvirt 1.0.2 and earlier sets the group owner to kvm for device ...
CVE-2013-0170Use-after-free vulnerability in the virNetMessageFree function in ...
CVE-2012-4423The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...
CVE-2012-3445The virTypedParameterArrayClear function in libvirt 0.9.13 does not ...
CVE-2012-2693libvirt, possibly before 0.9.12, does not properly assign USB devices ...
CVE-2011-4600The networkReloadIptablesRules function in network/bridge_driver.c in ...
CVE-2011-2511Integer overflow in libvirt before 0.9.3 allows remote authenticated ...
CVE-2011-2178The virSecurityManagerGetPrivateData function in ...
CVE-2011-1486libvirtd in libvirt before 0.9.0 does not use thread-safe error ...
CVE-2011-1146libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly ...
CVE-2010-2242Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...
CVE-2010-2239Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images ...
CVE-2010-2238Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into ...
CVE-2010-2237Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing ...
CVE-2009-0036Buffer overflow in the proxyReadClientSocket function in ...
CVE-2008-5086Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...

Security announcements

DSA / DLADescription
DLA-1315-1libvirt - security update
DSA-4137-1libvirt - security update
DSA-4137-1libvirt - security update
DSA-4003-1libvirt - security update
DSA-3613-1libvirt - security update
DLA-541-1libvirt - security update
DSA-3038-1libvirt - security update
DSA-2846-1libvirt - several
DSA-2764-1libvirt - programming error
DSA-2650-1libvirt - files and device nodes ownership change to kvm group
DSA-2280-1libvirt - several
DSA-2280-1libvirt - several
DSA-2194-1libvirt - privilege escalation

Search for package or bug name: Reporting problems