ubuntu/+source/libvirt:applied/ubuntu/cosmic-security

Last commit made on 2019-07-08
Get this branch:
git clone -b applied/ubuntu/cosmic-security https://git.launchpad.net/ubuntu/+source/libvirt
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/cosmic-security
Repository:
lp:ubuntu/+source/libvirt

Recent commits

0c669e0... by Marc Deslauriers on 2019-07-02

Import patches-applied version 4.6.0-2ubuntu3.8 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 8ec51c288f895e664330a5c09b1b00638efd0e82
Unapplied parent: 58a0af5ce496bad4507a89512804c0d5b4c74834

New changelog entries:
  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167
  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
    connection
    - debian/patches/CVE-2019-10168.patch: add checks to
      src/libvirt-host.c.
    - CVE-2019-10168

58a0af5... by Marc Deslauriers on 2019-07-02

[PATCH] api: disallow virConnect*HypervisorCPU on read-only connections

Gbp-Pq: CVE-2019-10168.patch.

95acb2c... by Marc Deslauriers on 2019-07-02

[PATCH] api: disallow virConnectGetDomainCapabilities on read-only connections

Gbp-Pq: CVE-2019-10167.patch.

7224001... by Marc Deslauriers on 2019-07-02

[PATCH] api: disallow virDomainManagedSaveDefineXML on read-only connections

Gbp-Pq: CVE-2019-10166.patch.

84ad757... by Marc Deslauriers on 2019-07-02

[PATCH] api: disallow virDomainSaveImageGetXMLDesc on read-only connections

Gbp-Pq: CVE-2019-10161.patch.

679c69a... by Marc Deslauriers on 2019-07-02

[PATCH] logging: restrict sockets to mode 0600

Gbp-Pq: CVE-2019-10132-3.patch.

9da8f31... by Marc Deslauriers on 2019-07-02

[PATCH] locking: restrict sockets to mode 0600

Gbp-Pq: CVE-2019-10132-2.patch.

9aa5582... by Marc Deslauriers on 2019-07-02

[PATCH] admin: reject clients unless their UID matches the current UID

Gbp-Pq: CVE-2019-10132-1.patch.

e50f289... by Marc Deslauriers on 2019-07-02

[PATCH] qemu: Add check for whether KVM nesting is enabled

Gbp-Pq: ubuntu/lp-1830268-refresh-capabilities-on-KVM-nesting.patch.

a66bdaa... by Marc Deslauriers on 2019-07-02

[PATCH] cpu_map: Define md-clear CPUID bit

Gbp-Pq: md-clear.patch.