========================================================================== Ubuntu Security Notice USN-7047-1 January 08, 2026
libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libvirt. Software Description: - libvirt: Libvirt virtualization toolkit Details: It was discovered that libvirt parsed user-provided XML files before performing ACL checks. An attacker could possibly use this issue to cause libvirt to consume memory, resulting in a denial of service. (CVE-2025-12748) It was discovered that libvirt incorrectly handled permissions on external inactive snapshots. A local attacker could possibly use this issue to obtain sensitive guest contents. (CVE-2025-13193) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libvirt-daemon 11.6.0-1ubuntu3.2 libvirt-daemon-system 11.6.0-1ubuntu3.2 libvirt0 11.6.0-1ubuntu3.2 Ubuntu 25.04 libvirt-daemon 11.0.0-2ubuntu6.5 libvirt-daemon-system 11.0.0-2ubuntu6.5 libvirt0 11.0.0-2ubuntu6.5 Ubuntu 24.04 LTS libvirt-daemon 10.0.0-2ubuntu8.11 libvirt-daemon-system 10.0.0-2ubuntu8.11 libvirt0 10.0.0-2ubuntu8.11 Ubuntu 22.04 LTS libvirt-daemon 8.0.0-1ubuntu7.15 libvirt-daemon-system 8.0.0-1ubuntu7.15 libvirt0 8.0.0-1ubuntu7.15 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7047-1 CVE-2025-12748, CVE-2025-13193 Package Information: https://launchpad.net/ubuntu/+source/libvirt/11.6.0-1ubuntu3.2 https://launchpad.net/ubuntu/+source/libvirt/11.0.0-2ubuntu6.5 https://launchpad.net/ubuntu/+source/libvirt/10.0.0-2ubuntu8.11 https://launchpad.net/ubuntu/+source/libvirt/8.0.0-1ubuntu7.15
signature.asc
Description: OpenPGP digital signature
