Information on source package libvirt

Available versions

ReleaseVersion
jessie1.2.9-9+deb8u5
jessie (security)1.2.9-9+deb8u7
stretch3.0.0-4+deb9u3
stretch (security)3.0.0-4+deb9u4
buster5.0.0-4
bullseye5.0.0-4.1
sid5.0.0-4.1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-3840fixedvulnerable (no DSA)fixedfixedfixedA NULL pointer dereference flaw was discovered in libvirt before versi ...
CVE-2015-5160vulnerable (no DSA)fixedfixedfixedfixedlibvirt before 2.2 includes Ceph credentials on the qemu command line ...

Resolved issues

BugDescription
CVE-2019-3886An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...
CVE-2019-10168The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...
CVE-2019-10167The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...
CVE-2019-10166It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...
CVE-2019-10161It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...
CVE-2019-10132A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admi ...
CVE-2018-6764util/virlog.c in libvirt does not properly determine the hostname on L ...
CVE-2018-5748qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of s ...
CVE-2018-1064libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustio ...
CVE-2017-2635A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ...
CVE-2017-1000256libvirt version 2.3.0 and later is vulnerable to a bad default configu ...
CVE-2016-5008libvirt before 2.0.0 improperly disables password checking when the pa ...
CVE-2016-10746libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...
CVE-2015-5313Directory traversal vulnerability in the virStorageBackendFileSystemVo ...
CVE-2015-5247The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...
CVE-2015-0236libvirt before 1.2.12 allow remote authenticated users to obtain the V ...
CVE-2014-8136The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 func ...
CVE-2014-8135The storageVolUpload function in storage/storage_driver.c in libvirt b ...
CVE-2014-8131The qemu implementation of virConnectGetAllDomainStats in libvirt befo ...
CVE-2014-7823The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote rea ...
CVE-2014-5177libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access con ...
CVE-2014-3657The virDomainListPopulate function in conf/domain_conf.c in libvirt be ...
CVE-2014-3633The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...
CVE-2014-1447Race condition in the virNetServerClientStartKeepAlive function in lib ...
CVE-2014-0179libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...
CVE-2014-0028libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypa ...
CVE-2013-7336The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in lib ...
CVE-2013-6458Multiple race conditions in the (1) virDomainBlockStats, (2) virDomain ...
CVE-2013-6457The libxlDomainGetNumaParameters function in the libxl driver (libxl/l ...
CVE-2013-6456The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allow ...
CVE-2013-6436The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...
CVE-2013-5651The virBitmapParse function in util/virbitmap.c in libvirt before 1.1. ...
CVE-2013-4401The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...
CVE-2013-4400virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...
CVE-2013-4399The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...
CVE-2013-4311libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...
CVE-2013-4297The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1. ...
CVE-2013-4296The remoteDispatchDomainMemoryStats function in daemon/remote.c in lib ...
CVE-2013-4292libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of servic ...
CVE-2013-4291The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1. ...
CVE-2013-4239The xenDaemonListDefinedDomains function in xen/xend_internal.c in lib ...
CVE-2013-4154The qemuAgentCommand function in libvirt before 1.1.1, when a guest ag ...
CVE-2013-4153Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qe ...
CVE-2013-2230The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows re ...
CVE-2013-2218Double free vulnerability in the virConnectListAllInterfaces method in ...
CVE-2013-1962The remoteDispatchStoragePoolListAllVolumes function in the storage po ...
CVE-2013-1766libvirt 1.0.2 and earlier sets the group owner to kvm for device files ...
CVE-2013-0170Use-after-free vulnerability in the virNetMessageFree function in rpc/ ...
CVE-2012-4423The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...
CVE-2012-3445The virTypedParameterArrayClear function in libvirt 0.9.13 does not pr ...
CVE-2012-2693libvirt, possibly before 0.9.12, does not properly assign USB devices ...
CVE-2011-4600The networkReloadIptablesRules function in network/bridge_driver.c in ...
CVE-2011-2511Integer overflow in libvirt before 0.9.3 allows remote authenticated u ...
CVE-2011-2178The virSecurityManagerGetPrivateData function in security/security_man ...
CVE-2011-1486libvirtd in libvirt before 0.9.0 does not use thread-safe error report ...
CVE-2011-1146libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restri ...
CVE-2010-2242Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...
CVE-2010-2239Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images with ...
CVE-2010-2238Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ...
CVE-2010-2237Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ...
CVE-2009-0036Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...
CVE-2008-5086Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...

Security announcements

DSA / DLADescription
DLA-1832-1libvirt - security update
DSA-4469-1libvirt - security update
DLA-1772-1libvirt - security update
DLA-1315-1libvirt - security update
DSA-4137-1libvirt - security update
DSA-4137-1libvirt - security update
DSA-4003-1libvirt - security update
DSA-3613-1libvirt - security update
DLA-541-1libvirt - security update
DSA-3038-1libvirt - security update
DSA-2846-1libvirt - several
DSA-2764-1libvirt - programming error
DSA-2650-1libvirt - files and device nodes ownership change to kvm group
DSA-2280-1libvirt - several
DSA-2280-1libvirt - several
DSA-2194-1libvirt - privilege escalation

Search for package or bug name: Reporting problems