Comment 57 for bug 1890501

melanie witt (melwitt) wrote : Re: Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

> Okay, so while deployments with libvirt < 1.3.4 shouldn't be affected, that's still effectively ~nobody where our supported releases+supported platforms are concerned?

I'm not sure I parse this sentence, so I'll try to clarify what I said earlier.

Deployments with libvirt < 1.3.4 might still have the vulnerability even after the fix, but we don't know for sure because (1) Ubuntu 16.04 is the only platform which supports < 1.3.4 and (2) devstack pulls packages from the Ubuntu Cloud Archive which brings in libvirt 3.6.0 for Ubuntu 16.04. So it is difficult to create such a deployment for testing and based on this we assume ~nobody is using libvirt < 1.3.4.

This fix is only targeted and tested for libvirt >= 1.3.4. No guarantees for libvirt < 1.3.4.