[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] ANNOUNCE: libvirt 1.0.5.6 maintenance release



On Fri, Sep 20, 2013 at 06:48:04PM -0400, Cole Robinson wrote:
> libvirt 1.0.5.6 maintenance release is now available. This is
> libvirt 1.0.5 with additional bugfixes that have accumulated
> upstream since the initial release.
> 
> This release can be downloaded at:
> 
> http://libvirt.org/sources/stable_updates/libvirt-1.0.5.6.tar.gz
> 
> Changes in this version:
> 
> * virsh: fix change-media bug on disk block type
> * Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
> * Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)

The fix for this CVE is incomplete. There's a flaw in it affecting
the ACL code, which I've just posted a followup fix for

  https://www.redhat.com/archives/libvir-list/2013-September/msg01244.html

So we'll need a 1.0.5.7 release with this.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]