-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libvirt Version : 1.2.9-9+deb8u6 CVE ID : CVE-2016-10746
libvirt-domain.c in libvirt supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required. This could lead to could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. For Debian 8 "Jessie", this problem has been fixed in version 1.2.9-9+deb8u6. We recommend that you upgrade your libvirt packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAlzIAG0ACgkQKpJZkldk Svp/hRAAj+8Bvz9WlBSO6fkxq+EfEW7Pyjpu5ILwj5SxJnb6psRbLYZ0pUbEFg+T j92VRe4emL5ioUfFAxGD0ADfch4Ek+ZjOh5NySjcSzYg4ey224XgtiWJYkpIwVWz gK9eNBbfMSCKJh1AoMKgo+BLsrGaRqQkyqDXDRpPtdg/Nm8egSTB7ijcFZwdD0vD swDvQfuM98+IF2PRbKp8QZZn3zXF5nlFBzT5GdIk2ZN3dBjp36hT3F0FyC2vravA sJ6ExupLYeElTfUoQeaShSUdxxX7rXzIBBAB3Mhm0YPXI58WYwJajsMZMFh15ZrL uiZSt9v9fK9jaX5952qwY4cqPLw4sGQGfER/HvpGCt7HZWo/oJhXNPiGIK5ocwB2 YRtkHv2OhhyJrxuMxxZE7jO0zT1XmShG9kP8zic8iscuPK1MwXG8lukukz5rFxP4 N2yTzHbshRhbd0mGLVzuPu3wAzf5zGkS1YHDRLtDm1sQaBoMsYrnMjszVwYsD+uK pVBW0Xg2QzOkh/DhkcdKvW92+usOJB19LqMaVwXI9DOa9i3u5LVIxe/g8r43Gre8 NCeP23R+L7ZOrEoPm9SoACCdr0SM1iosODCOiR7UhdpVVqAXOqoSDGNw5/pN6CAJ ifkk2NvWzF2uH/Tl57cLMXTbjzPMxmtHA/a0dGfKXv/OxqWoyTE= =1bgQ -----END PGP SIGNATURE-----
