Debian Security Advisory

DLA-1315-1 libvirt -- LTS security update

Date Reported:
24 Mar 2018
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 887700.
In Mitre's CVE dictionary: CVE-2018-1064, CVE-2018-5748.
More information:

Daniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in libvirt, a virtualization API. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to a denial of service by exhaustion of memory resources.

For Debian 7 Wheezy, these problems have been fixed in version

We recommend that you upgrade your libvirt packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: