June 2019 - Announce - Libvirt List Archives

[Libvirt-announce] Entering freeze for libvirt-5.5.0

by Daniel Veillard

As planned I tagged RC1 in git and pushed signed tarball and source rpm to the usual place: https://libvirt.org/sources/ I'm on the road with even less testing capacity than usual, but https://ci.centos.org/view/libvirt/ looks rather green except for some go bindings so I assume we are in pretty good shape, i.e. it will hopefully compile and run for most of you :-) I hope to be back on Fraiday and make an evening release again, then if all goes fine we can push on Mon or Tuesday, please give it some testing, thanks, Daniel -- Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/ veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

4 years, 10 months

1
1
0 / 0

[Libvirt-announce] LSN-2019-0007: virConnect*HypervisorCPU do not check for read-only connection

by Ján Tomko

Libvirt Security Notice: LSN-2019-0007 ====================================== Summary: virConnect*HypervisorCPU do not check for read-only connection Reported on: 20190604 Published on: 20190620 Fixed on: 20190620 Reported by: Ján Tomko <jtomko(a)redhat.com> Patched by: Ján Tomko <jtomko(a)redhat.com> See also: CVE-2019-10168 Description ----------- The virConnect*HypervisorCPU APIs allow reporting CPU capabilities from arbitrary emulator binaries without checking for a read-only connection. This allows unprivileged users to execute arbitrary binaries with elevated privileges. Impact ------ The default libvirt configuration allows all local user accounts read-only access to the libvirtd daemon. Any local user can provide an arbitrary emulator, executing arbitrary binaries as the configured QEMU user. Since v5.1.0, the emulator binary is run with CAP_DAC_OVERRIDE, essentially having root privileges. Workaround ---------- Edit the /etc/libvirt/libvirtd.conf configuration file, to set the 'unix_sock_ro_perms = "0700"' to prevent local users from connecting to libvirt. Alternatively setup a policy kit rule to prevent them access without first authenticating as root. Affected product ---------------- Name: libvirt Repository: git://libvirt.org/git/libvirt.git http://libvirt.org/git/?p=libvirt.git Branch: master Broken in: v4.4.0 Broken in: v4.5.0 Broken in: v4.6.0 Broken in: v4.7.0 Broken in: v4.8.0 Broken in: v4.9.0 Broken in: v4.10.0 Broken in: v5.0.0 Broken in: v5.1.0 Broken in: v5.2.0 Broken in: v5.3.0 Broken in: v5.4.0 Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: bf6c2830b6c338b1f5699b095df36f374777b291 Branch: v4.4-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: a6116fc8618300f6e2a082396812363310d1420f Branch: v4.5-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: 415cc5c0644304fd1e1bb721a092cf65e07be79f Branch: v4.6-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: 890965e8943a8837b41c3c6f366135ccfef48fb3 Branch: v4.7-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: f5ace9c05d59b70d4899199a187cb32ec6f600d8 Branch: v4.8-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: fc30929ffdf339d920b2e2183faf4373920bff6f Branch: v4.9-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: dd88b69a207c1ed6e89d7e9fa6b5f4a9ec4db97c Branch: v4.10-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: 09c2635d0deec198de0f250abc2958f2d1c09eaa Branch: v5.0-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: 1ef98539a655109480628c91feac48c3c69675ef Branch: v5.1-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: 2a3f95a40725f743b5189868bcc1a78d922517f6 Branch: v5.1.0-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Branch: v5.2-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: 45ae5e529d4e886f47dacca9dfe5a08d95a3425a Branch: v5.3-maint Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2 Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a Fixed by: d8e4d13446a0b04b757bd28c242a4cfecaaa8f1e

4 years, 10 months

1
0
0 / 0

[Libvirt-announce] LSN-2019-0006: virConnectGetDomainCapabilities does not check for read-only connection

by Ján Tomko

Libvirt Security Notice: LSN-2019-0006 ====================================== Summary: virConnectGetDomainCapabilities does not check for read-only connection Reported on: 20190604 Published on: 20190620 Fixed on: 20190620 Reported by: Ján Tomko <jtomko(a)redhat.com> Patched by: Ján Tomko <jtomko(a)redhat.com> See also: CVE-2019-10167 Description ----------- The virConnectGetDomainCapabilities API reports the domain capabilities XML without checking for a read-only connection. This allows unprivileged users to execute arbitrary binaries with elevated privileges. Impact ------ The default libvirt configuration allows all local user accounts read-only access to the libvirtd daemon. Any local user can provide an arbitrary emulator, executing arbitrary binaries as the configured QEMU user. Since v5.1.0, the emulator binary is run with CAP_DAC_OVERRIDE, essentially having root privileges. Workaround ---------- Edit the /etc/libvirt/libvirtd.conf configuration file, to set the 'unix_sock_ro_perms = "0700"' to prevent local users from connecting to libvirt. Alternatively setup a policy kit rule to prevent them access without first authenticating as root. Affected product ---------------- Name: libvirt Repository: git://libvirt.org/git/libvirt.git http://libvirt.org/git/?p=libvirt.git Branch: master Broken in: v1.2.19 Broken in: v1.2.20 Broken in: v1.2.21 Broken in: v1.3.0 Broken in: v1.3.1 Broken in: v1.3.2 Broken in: v1.3.3 Broken in: v1.3.4 Broken in: v1.3.5 Broken in: v2.0.0 Broken in: v2.1.0 Broken in: v2.2.0 Broken in: v2.3.0 Broken in: v2.4.0 Broken in: v2.5.0 Broken in: v3.0.0 Broken in: v3.1.0 Broken in: v3.2.0 Broken in: v3.3.0 Broken in: v3.4.0 Broken in: v3.5.0 Broken in: v3.6.0 Broken in: v3.7.0 Broken in: v3.8.0 Broken in: v3.9.0 Broken in: v3.10.0 Broken in: v4.0.0 Broken in: v4.1.0 Broken in: v4.2.0 Broken in: v4.3.0 Broken in: v4.4.0 Broken in: v4.5.0 Broken in: v4.6.0 Broken in: v4.7.0 Broken in: v4.8.0 Broken in: v4.9.0 Broken in: v4.10.0 Broken in: v5.0.0 Broken in: v5.1.0 Broken in: v5.2.0 Broken in: v5.3.0 Broken in: v5.4.0 Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 8afa68bac0cf99d1f8aaa6566685c43c22622f26 Branch: v1.2.19-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 7d3b95b03880c8ade5f908dcb3d3c8b2d8e82a8f Branch: v1.2.20-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: c5cc88c32320d46f27521aac69027baa3d426ff2 Branch: v1.2.21-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: badcb3662a5b28d3ed01c8ceff496e6197d12e3c Branch: v1.3.0-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 6ba6bb236a7e293007eb21013d69f42dd1fb21c8 Branch: v1.3.1-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: be5d96d547ec54bc35e5eab6472ec900184ae837 Branch: v1.3.2-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: e433008df4867b43085961a0f8181ac9401e707b Branch: v1.3.3-maint Broken in: v1.3.3.1 Broken in: v1.3.3.2 Broken in: v1.3.3.3 Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: a663e28410aa853675b8b090a1ffafa7c8711ead Branch: v1.3.4-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: ab728b5658b307bcde90cf9e9d2e9c2cfb3e9de0 Branch: v1.3.5-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 5632ca00ef8b75ce600ebb7255d392339c07b967 Branch: v2.0-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 1e51b78a92fa2b381a5741599f4909c2516c0481 Branch: v2.1-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: e322b6f73dc2fb5eaab14406cc786361d17ffdc3 Branch: v2.2-maint Broken in: v2.2.1 Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: c97b296cf8b336ed1a3260af8c8bd79746cb2971 Branch: v3.0-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: bfea7de821a224782253061309e5005486b1b2f6 Branch: v3.2-maint Broken in: v3.2.1 Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 452fa3ae558bc842a88753fcdf0d1141a2fd212c Branch: v3.7-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: d47a396e995180fd54a0f84cf137f024159b7967 Branch: v4.1-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 585be8edbef5ce4ef30e6c20386358ca1ba8e344 Branch: v4.2-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 4ce590b007d80b41abd00aba95f73c04e71ff53b Branch: v4.3-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: f9b65fa812f6f121b7c5f5daa642f05310b4123c Branch: v4.4-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 15502d85dd21d7badeb230285898fa28f67cba9d Branch: v4.5-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: fd16bd525afeac6870ab3b747d9ee16002e2f1b2 Branch: v4.6-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 93edb0ea630556569320de83d45b100718f1391f Branch: v4.7-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 5441f05a42a90779b0df86518286bf527e94aafb Branch: v4.8-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 38a16f786794887cb2fd8e82d4b52e07a77d9f50 Branch: v4.9-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 6452b9fdff7988024a6157ca0a973ac3abf54468 Branch: v4.10-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: d238f132e6e0432a42d3cdff4571730dae3a85eb Branch: v5.0-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 58f237d696310f3ac62e98b3b5e9cb98e13064e9 Branch: v5.1-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: c5085b7a9031f899c7bef0d2630aa77c461b92a6 Branch: v5.1.0-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Branch: v5.2-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 4f50f36c0004af0faf0f535b46e2a1841c2443d8 Branch: v5.3-maint Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9 Fixed by: 97a737c58ff6080bd0e149830b860ef32b3d2acb

4 years, 10 months

1
0
0 / 0

[Libvirt-announce] LSN-2019-0005: virDomainManagedSaveDefineXML does not check for read-only connection

by Ján Tomko

Libvirt Security Notice: LSN-2019-0005 ====================================== Summary: virDomainManagedSaveDefineXML does not check for read-only connection Reported on: 20190604 Published on: 20190620 Fixed on: 20190620 Reported by: Matthias Gerstner <mgerstner(a)suse.de> Patched by: Ján Tomko <jtomko(a)redhat.com> See also: CVE-2019-10166 Description ----------- The virDomainManagedSaveDefineXML API redefines the manage-saved domain XML without checking for a read-only connection. This allows unprivileged users to check for existence of arbitrary files or executing arbitrary binaries with elevated privileges. Impact ------ The default libvirt configuration allows all local user accounts read-only access to the libvirtd daemon. Any local user can provide an arbitrary emulator, executing arbitrary binaries as the configured QEMU user. Since v5.1.0, the emulator binary is run with CAP_DAC_OVERRIDE, essentially having root privileges. Workaround ---------- Edit the /etc/libvirt/libvirtd.conf configuration file, to set the 'unix_sock_ro_perms = "0700"' to prevent local users from connecting to libvirt. Alternatively setup a policy kit rule to prevent them access without first authenticating as root. Affected product ---------------- Name: libvirt Repository: git://libvirt.org/git/libvirt.git http://libvirt.org/git/?p=libvirt.git Branch: master Broken in: v3.7.0 Broken in: v3.8.0 Broken in: v3.9.0 Broken in: v3.10.0 Broken in: v4.0.0 Broken in: v4.1.0 Broken in: v4.2.0 Broken in: v4.3.0 Broken in: v4.4.0 Broken in: v4.5.0 Broken in: v4.6.0 Broken in: v4.7.0 Broken in: v4.8.0 Broken in: v4.9.0 Broken in: v4.10.0 Broken in: v5.0.0 Broken in: v5.1.0 Broken in: v5.2.0 Broken in: v5.3.0 Broken in: v5.4.0 Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: db0b78457f183e4c7ac45bc94de86044a1e2056a Branch: v3.7-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: e7d9c8899fc7751201b46b6cf6bff4eadb38af2f Branch: v4.1-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: d9a1f3debad411756f53ab8ab81e44ab0bb50e0a Branch: v4.2-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 1813138f6b00058285e325191d50c41ace39e5b3 Branch: v4.3-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 9816854ac4e5ccd87cf82320b4550671e75f6509 Branch: v4.4-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: e777cce08e069e29deedec540d463ed70c29e92c Branch: v4.5-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: d025c10d54975fe98927be85f33146e780c28d52 Branch: v4.6-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 00e673c93fc3d0cfed274cc7a1ec2c52260c8262 Branch: v4.7-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 6da721ea37bf3624ff9922637cfa657d2dcb20f9 Branch: v4.8-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 6dc29a174ae204b1ae13fed0f533818ad6d24b9f Branch: v4.9-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 0a744e15517d727c7f473fabe32ca6b0dbb7b7d1 Branch: v4.10-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 3f744efec31959f7643849f6a3708198bcdfc6ae Branch: v5.0-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: a064d492272bcb0029b140ec4e18fce1ac0ec5b2 Branch: v5.1-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 58c7c3fc4a0f15544c2054ed4682ff5d740681ab Branch: v5.1.0-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Branch: v5.2-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: 96bca3af450cc62183b91a361f7024f93126bc49 Branch: v5.3-maint Broken by: 1558f2584fd9b32c7903238bff2c9f12ba406ba6 Fixed by: f4dabe99f7f46520f2967f3e068fcbeb54e617df

4 years, 10 months

1
0
0 / 0

[Libvirt-announce] LSN-2019-0004 virDomainSaveImageGetXMLDesc does not check for read-only connection

by Ján Tomko

Libvirt Security Notice: LSN-2019-0004 ====================================== Summary: virDomainSaveImageGetXMLDesc does not check for read-only connection Reported on: 20190604 Published on: 20190620 Fixed on: 20190620 Reported by: Matthias Gerstner <mgerstner(a)suse.de> Patched by: Ján Tomko <Ján Tomko> See also: CVE-2019-10161 Description ----------- The virDomainSaveImageGetXMLDesc accesses and parses arbitrary files without checking for the read-only connection. This allows unprivileged users to check for existence of arbitrary files or executing arbitrary binaries with elevated privileges. Impact ------ The default libvirt configuration allows all local user accounts read-only access to the libvirtd daemon. Any local user can check for the existence of an arbitrary file by watching for a different error message. Additionally, since v1.2.19, by providing a crafted save file pointing to an arbitrary emulator, executing arbitrary binaries as the configured QEMU user is possible. Since v5.1.0, the emulator binary is run with CAP_DAC_OVERRIDE, essentially having root privileges. Workaround ---------- Edit the /etc/libvirt/libvirtd.conf configuration file, to set the 'unix_sock_ro_perms = "0700"' to prevent local users from connecting to libvirt. Alternatively setup a policy kit rule to prevent them access without first authenticating as root. Affected product ---------------- Name: libvirt Repository: git://libvirt.org/git/libvirt.git http://libvirt.org/git/?p=libvirt.git Branch: master Broken in: v0.9.4 Broken in: v0.9.5 Broken in: v0.9.6 Broken in: v0.9.7 Broken in: v0.9.8 Broken in: v0.9.9 Broken in: v0.9.10 Broken in: v0.9.11 Broken in: v0.9.12 Broken in: v0.9.13 Broken in: v0.10.0 Broken in: v0.10.1 Broken in: v0.10.2 Broken in: v1.0.0 Broken in: v1.0.1 Broken in: v1.0.2 Broken in: v1.0.3 Broken in: v1.0.4 Broken in: v1.0.5 Broken in: v1.0.6 Broken in: v1.1.0 Broken in: v1.1.1 Broken in: v1.1.2 Broken in: v1.1.3 Broken in: v1.1.4 Broken in: v1.2.0 Broken in: v1.2.1 Broken in: v1.2.2 Broken in: v1.2.3 Broken in: v1.2.4 Broken in: v1.2.5 Broken in: v1.2.6 Broken in: v1.2.7 Broken in: v1.2.8 Broken in: v1.2.9 Broken in: v1.2.10 Broken in: v1.2.11 Broken in: v1.2.12 Broken in: v1.2.13 Broken in: v1.2.14 Broken in: v1.2.15 Broken in: v1.2.16 Broken in: v1.2.17 Broken in: v1.2.18 Broken in: v1.2.19 Broken in: v1.2.20 Broken in: v1.2.21 Broken in: v1.3.0 Broken in: v1.3.1 Broken in: v1.3.2 Broken in: v1.3.3 Broken in: v1.3.4 Broken in: v1.3.5 Broken in: v2.0.0 Broken in: v2.1.0 Broken in: v2.2.0 Broken in: v2.3.0 Broken in: v2.4.0 Broken in: v2.5.0 Broken in: v3.0.0 Broken in: v3.1.0 Broken in: v3.2.0 Broken in: v3.3.0 Broken in: v3.4.0 Broken in: v3.5.0 Broken in: v3.6.0 Broken in: v3.7.0 Broken in: v3.8.0 Broken in: v3.9.0 Broken in: v3.10.0 Broken in: v4.0.0 Broken in: v4.1.0 Broken in: v4.2.0 Broken in: v4.3.0 Broken in: v4.4.0 Broken in: v4.5.0 Broken in: v4.6.0 Broken in: v4.7.0 Broken in: v4.8.0 Broken in: v4.9.0 Broken in: v4.10.0 Broken in: v5.0.0 Broken in: v5.1.0 Broken in: v5.2.0 Broken in: v5.3.0 Broken in: v5.4.0 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: aed6a032cead4386472afb24b16196579e239580 Branch: v0.9.6-maint Broken in: v0.9.6.1 Broken in: v0.9.6.2 Broken in: v0.9.6.3 Broken in: v0.9.6.4 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v0.9.11-maint Broken in: v0.9.11.1 Broken in: v0.9.11.2 Broken in: v0.9.11.3 Broken in: v0.9.11.4 Broken in: v0.9.11.5 Broken in: v0.9.11.6 Broken in: v0.9.11.7 Broken in: v0.9.11.8 Broken in: v0.9.11.9 Broken in: v0.9.11.10 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v0.9.12-maint Broken in: v0.9.12.1 Broken in: v0.9.12.2 Broken in: v0.9.12.3 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v0.10.2-maint Broken in: v0.10.2.1 Broken in: v0.10.2.2 Broken in: v0.10.2.3 Broken in: v0.10.2.4 Broken in: v0.10.2.5 Broken in: v0.10.2.6 Broken in: v0.10.2.7 Broken in: v0.10.2.8 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.2-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.3-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.4-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.5-maint Broken in: v1.0.5.1 Broken in: v1.0.5.2 Broken in: v1.0.5.3 Broken in: v1.0.5.4 Broken in: v1.0.5.5 Broken in: v1.0.5.6 Broken in: v1.0.5.7 Broken in: v1.0.5.8 Broken in: v1.0.5.9 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.0.6-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.1.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.1.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.1.2-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.1.3-maint Broken in: v1.1.3.1 Broken in: v1.1.3.2 Broken in: v1.1.3.3 Broken in: v1.1.3.4 Broken in: v1.1.3.5 Broken in: v1.1.3.6 Broken in: v1.1.3.7 Broken in: v1.1.3.8 Broken in: v1.1.3.9 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.1.4-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.2-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.3-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.4-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.5-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.6-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.7-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.8-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.9-maint Broken in: v1.2.9.1 Broken in: v1.2.9.2 Broken in: v1.2.9.3 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.10-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.11-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.12-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.13-maint Broken in: v1.2.13.1 Broken in: v1.2.13.2 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.14-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.15-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.16-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.17-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.18-maint Broken in: v1.2.18.1 Broken in: v1.2.18.2 Broken in: v1.2.18.3 Broken in: v1.2.18.4 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v1.2.19-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 4e16e7a3fc44a14f27eda23e75bae75992339b3a Branch: v1.2.20-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 99ac102b8310adf50d16b62c533405eee6544cf2 Branch: v1.2.21-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: fa2016e751452163aa2e93baa6c9bfc239e31885 Branch: v1.3.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 470d6f5546fd027f9945845f6aad72f33c829be9 Branch: v1.3.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 980109c41c8bb55fd105809f2e063667721feaea Branch: v1.3.2-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 221397df7a5164bcc4d28f3157867db4894000d3 Branch: v1.3.3-maint Broken in: v1.3.3.1 Broken in: v1.3.3.2 Broken in: v1.3.3.3 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: b22baef31258621b3bdb5036a84772bc6b6ec0a4 Branch: v1.3.4-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: a8ae178438be285b91c4871251ad1482c4e396df Branch: v1.3.5-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 70e83151456d386580708ade404ada41afac41dd Branch: v2.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: a9e40f23207f464c322f4250b1373ff50ca71a85 Branch: v2.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: dea40b42188e883c4118b02527f5c02a6fbbac59 Branch: v2.2-maint Broken in: v2.2.1 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 97829dcb3889fd0a64ff32a72710303f59d7d5bf Branch: v3.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: fb8c9f1305d108e5a43e83b72a86e41abfdeda86 Branch: v3.2-maint Broken in: v3.2.1 Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: ff5c64b94133b7b54e7359c63e1c2972531a4f5f Branch: v3.7-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 8cf159fed436634a7607964eeecefee59be63b33 Branch: v4.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 1f8129c5db3952a57900b8cd1d94e629068e6aa5 Branch: v4.2-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 7312304ec0a50db539c6e1714f2c9b3a9e38daa7 Branch: v4.3-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 8832b8a44f960229c5aa0a803d26c0ab4aa827af Branch: v4.4-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: bafe00de3c62f3638e449ba62d4d88b56188bafe Branch: v4.5-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 6a028b6e8228dd19283042e5edef3a45133630e8 Branch: v4.6-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: a27659643b8ae9b26b52fc857cdc5b301184e26e Branch: v4.7-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 3352c8af264a7b9b741208790ecca0bbc6733f42 Branch: v4.8-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 56fadbbb25190d8ce0dcc54c550cc736a2fc5412 Branch: v4.9-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 568c735d7b0ccb55f9476c86f8603eb3a5c9fc5c Branch: v4.10-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 3572564893d1710beb1862797fe32cc2e9cb1e38 Branch: v5.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 6aa0c85be9f840a32fcec282185b5ed2513a3aa5 Branch: v5.1-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 111bb6555c5082ebba3de8e73a4e21a1573a5409 Branch: v5.1.0-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Branch: v5.2-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: 3d9c8914663549e0cc0e822fa29b0a3a5bbc0fbd Branch: v5.3-maint Broken by: d2a929d4b371a382d5508ae6bef80e392a34f8b9 Fixed by: dae676751cee86eaad880ee9c654823ce0e021ad

4 years, 10 months

1
0
0 / 0

[Libvirt-announce] Release of libvirt-5.4.0

by Daniel Veillard

It's out ! The release is tagged in git, and I provided signed tarball and source rpms to the usual place: https://libvirt.org/sources/ I also cut off a 5.4.0 release of the python bindings but code is same a 5.3.0 one, you can find signed tarball and source rpms at: https://libvirt.org/sources/python/ Main theme of this release is security, there is a set of advisory covered so users are invited to update, along with some improvements and bug fixes. Security: - cpu: Introduce support for the md-clear CPUID bit This bit is set when microcode provides the mechanism to invoke a flush of various exploitable CPU buffers by invoking the x86 VERW instruction. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091. - Restrict user access to virt-admin, virtlogd and virtlockd The intended users for these facilities are the root user and the libvirtd service respectively, but these restrictions were not enforced correctly. CVE-2019-10132. Improvements: - test driver: Expand API coverage Several APIs that were missing from the test driver have now been implemented. - Avoid unnecessary static linking Most binaries shipped as part of libvirt, for example virtlogd and libvirt_iohelper, were embedding parts of the library even though they also linked against the libvirt.so dynamic library. This is no longer the case, which results in both the disk and memory footprint being reduced. - qemu: Report stat-htlb-pgalloc and stat-htlb-pgfail balloon stats These stats have been introduced in QEMU 3.0. Bug fixes: - qemu: Fix emulator scheduler support Setting the scheduler for QEMU's main thread before QEMU had a chance to start up other threads was misleading as it would affect other threads (vCPU and I/O) as well. In some particular situations this could also lead to an error when the thread for vCPU #0 was being moved to its cpu,cpuacct cgroup. This was fixed so that the scheduler for the main thread is set after QEMU starts. - apparmor: Allow hotplug of vhost-scsi devices Thanks everybody who contributed to this release, be it with bug reports, patches, reviews, docs ... Enjoy ! Daniel -- Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/ veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

4 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Announce June 2019