[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1772-1] libvirt security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libvirt
Version        : 1.2.9-9+deb8u6
CVE ID         : CVE-2016-10746


libvirt-domain.c in libvirt supports virDomainGetTime API calls by guest agents
with an RO connection, even though an RW connection was supposed to be
required.  This could lead to could lead to potentially disclosing unintended
information or denial of service by causing libvirt to block.

For Debian 8 "Jessie", this problem has been fixed in version
1.2.9-9+deb8u6.

We recommend that you upgrade your libvirt packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAlzIAG0ACgkQKpJZkldk
Svp/hRAAj+8Bvz9WlBSO6fkxq+EfEW7Pyjpu5ILwj5SxJnb6psRbLYZ0pUbEFg+T
j92VRe4emL5ioUfFAxGD0ADfch4Ek+ZjOh5NySjcSzYg4ey224XgtiWJYkpIwVWz
gK9eNBbfMSCKJh1AoMKgo+BLsrGaRqQkyqDXDRpPtdg/Nm8egSTB7ijcFZwdD0vD
swDvQfuM98+IF2PRbKp8QZZn3zXF5nlFBzT5GdIk2ZN3dBjp36hT3F0FyC2vravA
sJ6ExupLYeElTfUoQeaShSUdxxX7rXzIBBAB3Mhm0YPXI58WYwJajsMZMFh15ZrL
uiZSt9v9fK9jaX5952qwY4cqPLw4sGQGfER/HvpGCt7HZWo/oJhXNPiGIK5ocwB2
YRtkHv2OhhyJrxuMxxZE7jO0zT1XmShG9kP8zic8iscuPK1MwXG8lukukz5rFxP4
N2yTzHbshRhbd0mGLVzuPu3wAzf5zGkS1YHDRLtDm1sQaBoMsYrnMjszVwYsD+uK
pVBW0Xg2QzOkh/DhkcdKvW92+usOJB19LqMaVwXI9DOa9i3u5LVIxe/g8r43Gre8
NCeP23R+L7ZOrEoPm9SoACCdr0SM1iosODCOiR7UhdpVVqAXOqoSDGNw5/pN6CAJ
ifkk2NvWzF2uH/Tl57cLMXTbjzPMxmtHA/a0dGfKXv/OxqWoyTE=
=1bgQ
-----END PGP SIGNATURE-----


Reply to: