Hello community, here is the log from the commit of package libvirt for openSUSE:11.3 checked in at Wed Mar 16 01:43:33 CET 2011.
-------- --- old-versions/11.3/UPDATES/all/libvirt/libvirt.changes 2011-01-18 23:46:24.000000000 +0100 +++ 11.3/libvirt/libvirt.changes 2011-03-15 18:38:18.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Mar 15 09:37:20 MDT 2011 - [email protected] + +- VUL-0: libvirt: several API calls do not honour read-only + connection + 71753cb7-CVE-2011-1146.patch + bnc#678406 + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- 71753cb7-CVE-2011-1146.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.Y56daT/_old 2011-03-16 01:43:20.000000000 +0100 +++ /var/tmp/diff_new_pack.Y56daT/_new 2011-03-16 01:43:20.000000000 +0100 @@ -117,7 +117,7 @@ Group: Development/Libraries/C and C++ AutoReqProv: yes Version: 0.8.1 -Release: 4.<RELEASE4> +Release: 4.<RELEASE5> Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage Requires: %{name}-client = %{version}-%{release} @@ -168,6 +168,7 @@ Patch24: af521a01-hap3.patch Patch25: 79f56c66-hap4.patch Patch26: 094c6f4a-hap-fix.patch +Patch27: 71753cb7-CVE-2011-1146.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch102: clone.patch @@ -307,6 +308,7 @@ %patch24 -p1 %patch25 -p1 %patch26 -p1 +%patch27 -p1 %patch100 -p1 %patch102 %patch103 -p1 ++++++ 71753cb7-CVE-2011-1146.patch ++++++ commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3 Author: Guido Günther <[email protected]> Date: Mon Mar 14 10:56:28 2011 +0800 Add missing checks for read only connections As pointed on CVE-2011-1146, some API forgot to check the read-only status of the connection for entry point which modify the state of the system or may lead to a remote execution using user data. The entry points concerned are: - virConnectDomainXMLToNative - virNodeDeviceDettach - virNodeDeviceReAttach - virNodeDeviceReset - virDomainRevertToSnapshot - virDomainSnapshotDelete * src/libvirt.c: fix the above set of entry points to error on read-only connections Index: libvirt-0.8.1/src/libvirt.c =================================================================== --- libvirt-0.8.1.orig/src/libvirt.c +++ libvirt-0.8.1/src/libvirt.c @@ -3150,6 +3150,10 @@ char *virConnectDomainXMLToNative(virCon virDispatchError(NULL); return (NULL); } + if (conn->flags & VIR_CONNECT_RO) { + virLibDomainError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } if (nativeFormat == NULL || domainXml == NULL) { virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__); @@ -9348,6 +9352,11 @@ virNodeDeviceDettach(virNodeDevicePtr de return (-1); } + if (dev->conn->flags & VIR_CONNECT_RO) { + virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + if (dev->conn->driver->nodeDeviceDettach) { int ret; ret = dev->conn->driver->nodeDeviceDettach (dev); @@ -9391,6 +9400,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d return (-1); } + if (dev->conn->flags & VIR_CONNECT_RO) { + virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + if (dev->conn->driver->nodeDeviceReAttach) { int ret; ret = dev->conn->driver->nodeDeviceReAttach (dev); @@ -9436,6 +9450,11 @@ virNodeDeviceReset(virNodeDevicePtr dev) return (-1); } + if (dev->conn->flags & VIR_CONNECT_RO) { + virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + if (dev->conn->driver->nodeDeviceReset) { int ret; ret = dev->conn->driver->nodeDeviceReset (dev); @@ -12691,6 +12710,10 @@ virDomainRevertToSnapshot(virDomainSnaps } conn = snapshot->domain->conn; + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } if (conn->driver->domainRevertToSnapshot) { int ret = conn->driver->domainRevertToSnapshot(snapshot, flags); @@ -12737,6 +12760,10 @@ virDomainSnapshotDelete(virDomainSnapsho } conn = snapshot->domain->conn; + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } if (conn->driver->domainSnapshotDelete) { int ret = conn->driver->domainSnapshotDelete(snapshot, flags); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
