Hello community,

here is the log from the commit of package libvirt for openSUSE:11.4
checked in at Wed Mar 16 01:52:54 CET 2011.



--------
--- old-versions/11.4/all/libvirt/libvirt.changes       2011-02-25 
20:42:14.000000000 +0100
+++ 11.4/libvirt/libvirt.changes        2011-03-15 22:51:31.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Mar 15 09:37:20 MDT 2011 - [email protected]
+
+- VUL-0: libvirt: several API calls do not honour read-only
+  connection
+  71753cb7-CVE-2011-1146.patch
+  bnc#678406
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/libvirt
Destination is old-versions/11.4/UPDATES/all/libvirt
calling whatdependson for 11.4-i586


New:
----
  71753cb7-CVE-2011-1146.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libvirt.spec ++++++
--- /var/tmp/diff_new_pack.gR8g6r/_old  2011-03-16 01:52:49.000000000 +0100
+++ /var/tmp/diff_new_pack.gR8g6r/_new  2011-03-16 01:52:49.000000000 +0100
@@ -145,7 +145,7 @@
 Group:          Development/Libraries/C and C++
 AutoReqProv:    yes
 Version:        0.8.8
-Release:        0.<RELEASE2>
+Release:        0.<RELEASE3>
 Summary:        A C toolkit to interract with the virtualization capabilities 
of Linux
 # The client side, i.e. shared libs and virsh are in a subpackage
 Requires:       %{name}-client = %{version}-%{release}
@@ -170,6 +170,7 @@
 Source1:        libvirtd.init
 # Upstream patches
 Patch0:         efc2594b-boot-param.patch
+Patch1:         71753cb7-CVE-2011-1146.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch102:       clone.patch
@@ -285,6 +286,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %patch100 -p1
 %patch102
 %patch103 -p1

++++++ 71753cb7-CVE-2011-1146.patch ++++++
commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3
Author: Guido Günther <[email protected]>
Date:   Mon Mar 14 10:56:28 2011 +0800

    Add missing checks for read only connections
    
    As pointed on CVE-2011-1146, some API forgot to check the read-only
    status of the connection for entry point which modify the state
    of the system or may lead to a remote execution using user data.
    The entry points concerned are:
      - virConnectDomainXMLToNative
      - virNodeDeviceDettach
      - virNodeDeviceReAttach
      - virNodeDeviceReset
      - virDomainRevertToSnapshot
      - virDomainSnapshotDelete
    
    * src/libvirt.c: fix the above set of entry points to error on read-only
                     connections

Index: libvirt-0.8.8/src/libvirt.c
===================================================================
--- libvirt-0.8.8.orig/src/libvirt.c
+++ libvirt-0.8.8/src/libvirt.c
@@ -3152,6 +3152,10 @@ char *virConnectDomainXMLToNative(virCon
         virDispatchError(NULL);
         return NULL;
     }
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (nativeFormat == NULL || domainXml == NULL) {
         virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -9579,6 +9583,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceDettach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9622,6 +9631,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReAttach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9667,6 +9681,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReset) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -12962,6 +12981,10 @@ virDomainRevertToSnapshot(virDomainSnaps
     }
 
     conn = snapshot->domain->conn;
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (conn->driver->domainRevertToSnapshot) {
         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -13008,6 +13031,10 @@ virDomainSnapshotDelete(virDomainSnapsho
     }
 
     conn = snapshot->domain->conn;
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (conn->driver->domainSnapshotDelete) {
         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to