Accepted libvirt 1.2.9-9+deb8u7 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 24 Jun 2019 20:08:51 +0100
Source: libvirt
Binary: libvirt-bin libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0 libvirt0-dbg libvirt-doc libvirt-dev libvirt-sanlock
Architecture: source amd64 all
Version: 1.2.9-9+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
libvirt-bin - programs for the libvirt library
libvirt-clients - programs for the libvirt library
libvirt-daemon - programs for the libvirt library
libvirt-daemon-system - Libvirt daemon configuration files
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt-sanlock - library for interfacing with different virtualization systems
libvirt0 - library for interfacing with different virtualization systems
libvirt0-dbg - library for interfacing with different virtualization systems
Changes:
libvirt (1.2.9-9+deb8u7) jessie-security; urgency=high
.
* CVE-2019-10161: Prevent an vulnerability where readonly clients could use
the API to specify an arbitrary path which would be accessed with the
permissions of the libvirtd process. An attacker with access to the
libvirtd socket could use this to probe the existence of arbitrary files,
cause a denial of service or otherwise cause libvirtd to execute arbitrary
programs.
* CVE-2019-10167: Prevent an arbitrary code execution vulnerability via the
API where a user-specified binary used to probe the domain's capabilities.
read-only clients could specify an arbitrary path for this argument,
causing libvirtd to execute a crafted executable with its own privileges.
Checksums-Sha1:
44a05f062a62420831d7ed389a4179ee23a59196 3623 libvirt_1.2.9-9+deb8u7.dsc
f2de4cda8640b3abb13e6b30dd4882cc7e7b39e3 30154430 libvirt_1.2.9.orig.tar.gz
a02b5d33ee5d326c670302d5579944e13307f422 63292 libvirt_1.2.9-9+deb8u7.debian.tar.xz
134b6e6ae40415b4bae56e4a8ba3c4b3d5c20a6a 37656 libvirt-bin_1.2.9-9+deb8u7_amd64.deb
78463bb5ef18f2e665ca224240993987adbab268 525996 libvirt-clients_1.2.9-9+deb8u7_amd64.deb
015c36b46e194e26eb0647284c56e4cc5ddd6423 1853148 libvirt-daemon_1.2.9-9+deb8u7_amd64.deb
ef83fdc76ba1efe189ffc4eb6fc6a38dcd9311da 148976 libvirt-daemon-system_1.2.9-9+deb8u7_amd64.deb
250fa0ee2e4434ae2a66c87f65c8ed1073640703 2972746 libvirt0_1.2.9-9+deb8u7_amd64.deb
39536c11ad59aab082dda0aa26b76b2b0ab36691 5155624 libvirt0-dbg_1.2.9-9+deb8u7_amd64.deb
d268366ecc650497ffa1dfcb5a6fc96cf7b55964 1211852 libvirt-doc_1.2.9-9+deb8u7_all.deb
2f764e61917e2026a96c6dcaf431b00e18dc67c6 145112 libvirt-dev_1.2.9-9+deb8u7_amd64.deb
d6441d0ce63ddfe0a63d50ccf500a033b2929660 69938 libvirt-sanlock_1.2.9-9+deb8u7_amd64.deb
Checksums-Sha256:
f161e6b30da568646e4c2740386c95e9d24512b02ce429506b8d300b254007c7 3623 libvirt_1.2.9-9+deb8u7.dsc
95931a5a52f451b9ab73d6a5ae11a5740e1ba69a66520c2a0cffc6068a7e8fc4 30154430 libvirt_1.2.9.orig.tar.gz
c48f9f75d711d94b435fa028e060b8427fce7c9fe357c1c7b05c4f6d13fd8f0b 63292 libvirt_1.2.9-9+deb8u7.debian.tar.xz
71915f9bb427d7eaed1b713c1c363134eedb119cdb5ef4ff3631455b1cb045a8 37656 libvirt-bin_1.2.9-9+deb8u7_amd64.deb
416c50bd53657d7eb1d0865c8ca24048350257ada001246771b23d3121f78a10 525996 libvirt-clients_1.2.9-9+deb8u7_amd64.deb
4bec3673a471f0a29362874c1a00a6eea8cd96d7993c3522882904f8d7bf0393 1853148 libvirt-daemon_1.2.9-9+deb8u7_amd64.deb
ea44273e2b9f3b6bfaa6463bf8fb6c4d916e680a653ef3f3577007f2f57749cf 148976 libvirt-daemon-system_1.2.9-9+deb8u7_amd64.deb
ef0a186aa7be9ce66132af9a88db354dfce2c04796fadfb70982d3955ada0911 2972746 libvirt0_1.2.9-9+deb8u7_amd64.deb
e216198994a5c61105f423f342012ddac1ea9a1af41e8aff3be44ff91e05ba05 5155624 libvirt0-dbg_1.2.9-9+deb8u7_amd64.deb
0a5d0e9e8f0b7d162999a9066faf584179491c0411571b1badb4500eb53a504f 1211852 libvirt-doc_1.2.9-9+deb8u7_all.deb
a99181ccfb0daa3a8338664aae6e7a60a7efbcc88658ae87a87ead7843b1312b 145112 libvirt-dev_1.2.9-9+deb8u7_amd64.deb
4c4eeafc695b6772e033b1d339380ec34bed9557b8ba9eb8c88831a9465ae205 69938 libvirt-sanlock_1.2.9-9+deb8u7_amd64.deb
Files:
a9e704f56d2eb23ace5df54525abf5ef 3623 libs optional libvirt_1.2.9-9+deb8u7.dsc
f017075995062ff1d15577b0b093d02e 30154430 libs optional libvirt_1.2.9.orig.tar.gz
c6d23a4e93f35feed07371610ed5b1f6 63292 libs optional libvirt_1.2.9-9+deb8u7.debian.tar.xz
54727513a89511c1e3686ee181abeb00 37656 oldlibs extra libvirt-bin_1.2.9-9+deb8u7_amd64.deb
affdb3a421e9d09db62088efb2eac3aa 525996 admin optional libvirt-clients_1.2.9-9+deb8u7_amd64.deb
6894512a8084dc63a0f8242802c0b71f 1853148 admin optional libvirt-daemon_1.2.9-9+deb8u7_amd64.deb
f78f6b3d1d13595f2f0a6b16629c1e82 148976 admin optional libvirt-daemon-system_1.2.9-9+deb8u7_amd64.deb
44c172776c93c65f4ceb2004c76bf28b 2972746 libs optional libvirt0_1.2.9-9+deb8u7_amd64.deb
bd20695843d41760347340cf63a1043c 5155624 debug extra libvirt0-dbg_1.2.9-9+deb8u7_amd64.deb
4dc537982a2900b8f855315760f0e3f7 1211852 doc optional libvirt-doc_1.2.9-9+deb8u7_all.deb
6fe239a7e2c65d8a31dcbca91b2f0c44 145112 libdevel optional libvirt-dev_1.2.9-9+deb8u7_amd64.deb
cecabc8269907ce9603c0cc127425ad7 69938 libs extra libvirt-sanlock_1.2.9-9+deb8u7_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0RI9EACgkQHpU+J9Qx
Hlj6Yw/+PslrmzKQ+EhKQi6uqXZyA09LMpjdJCWFTcFnEhf26YHa40QPUSXy7HNf
mGPJ5U47veaGcYFboD3lS7UD+Tbskc58b8Ea+KkBV70CBGs/wc2VZCiNVLjpwf1Z
S6NycxgTiIjv4sizLxVoNJLdVVzM7gT/0etF9UCEtXp+p9zST8x+3/zweFSuQbba
3VBce2HsoXW+Xi/E0uTElvXHYwe6GhIm9isF3/RTbt8N6opwMG8rck2032TRwX0L
iE59M2vgnUT/9IeFYUTgxaElNP5enarpRLVFE/BJe6CjC49iNCXQkhCV/XKl2MwC
lZ+pfy/Q3tOAT9LZvqpTuICxAz/+PZ7isERx2tt1e7iA134lJIxwrhFuEPCbSMh9
Mgh1jp2Y69khOw3RqR4cWu1/ziwVhy7d2J0fBHuCLkgEOiShJnuUSwlTsXW8gU1F
lSIMLIUAt+edqlBl60NMTrDkNFOLS31LxpvuNTKE04MqqoOx3AfDChtjBYuY+Kkf
1Qos0Oe1tg3V5/ep6nZgUKZ/amB0e8JZ5Qxbg2qEuvQi2/lBJKau/VIbuaPBDShk
PfB1nc7PX14GpbTUFaHo7Hi4D3Tt4PFQsMsLR4uix8/nf4eCr5icatCQAxn1WqiT
sV9aKsWk3+ToG7M6aPUobz7cj74eFvcWu87xrWggHMw9zZgfbpI=
=mdX+
-----END PGP SIGNATURE-----
Reply to: