| Errata ID | 415 |
|---|---|
| Date | 2018-05-09 |
| Source package | libvirt |
| Fixed in version | 3.0.0-4~bpo8+deb9u2A~4.2.0.201805091348 |
| Description | This update addresses the following issues: * Null pointer dereference when updating storage size on empty drives (CVE-2017-2635) * libvirt is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default (CVE-2017-1000256) * Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) * guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764) |
| Additional notes | |
| CVE ID | CVE-2017-2635 CVE-2017-1000256 CVE-2018-1064 CVE-2018-6764 |
| UCS Bug number | #45635 |
