Errata overview
Errata ID 415
Date 2018-05-09
Source package libvirt
Fixed in version 3.0.0-4~bpo8+deb9u2A~
This update addresses the following issues:
* Null pointer dereference when updating storage size on empty drives
* libvirt passes a bad default configuration of "verify-peer=no" to QEMU,
  so SSL/TLS certificates are not validated by default
  (CVE-2017-1000256)
* Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent
* Guest could inject executable code via loaded by libvirt_lxc
  before init (CVE-2018-6764)
Additional notes
CVE ID CVE-2017-2635
UCS Bug number #45635