Hello community, here is the log from the commit of package libvirt for openSUSE:11.4 checked in at Wed Mar 16 01:52:54 CET 2011.
-------- --- old-versions/11.4/all/libvirt/libvirt.changes 2011-02-25 20:42:14.000000000 +0100 +++ 11.4/libvirt/libvirt.changes 2011-03-15 22:51:31.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Mar 15 09:37:20 MDT 2011 - [email protected] + +- VUL-0: libvirt: several API calls do not honour read-only + connection + 71753cb7-CVE-2011-1146.patch + bnc#678406 + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/libvirt Destination is old-versions/11.4/UPDATES/all/libvirt calling whatdependson for 11.4-i586 New: ---- 71753cb7-CVE-2011-1146.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.gR8g6r/_old 2011-03-16 01:52:49.000000000 +0100 +++ /var/tmp/diff_new_pack.gR8g6r/_new 2011-03-16 01:52:49.000000000 +0100 @@ -145,7 +145,7 @@ Group: Development/Libraries/C and C++ AutoReqProv: yes Version: 0.8.8 -Release: 0.<RELEASE2> +Release: 0.<RELEASE3> Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage Requires: %{name}-client = %{version}-%{release} @@ -170,6 +170,7 @@ Source1: libvirtd.init # Upstream patches Patch0: efc2594b-boot-param.patch +Patch1: 71753cb7-CVE-2011-1146.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch102: clone.patch @@ -285,6 +286,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %patch100 -p1 %patch102 %patch103 -p1 ++++++ 71753cb7-CVE-2011-1146.patch ++++++ commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3 Author: Guido Günther <[email protected]> Date: Mon Mar 14 10:56:28 2011 +0800 Add missing checks for read only connections As pointed on CVE-2011-1146, some API forgot to check the read-only status of the connection for entry point which modify the state of the system or may lead to a remote execution using user data. The entry points concerned are: - virConnectDomainXMLToNative - virNodeDeviceDettach - virNodeDeviceReAttach - virNodeDeviceReset - virDomainRevertToSnapshot - virDomainSnapshotDelete * src/libvirt.c: fix the above set of entry points to error on read-only connections Index: libvirt-0.8.8/src/libvirt.c =================================================================== --- libvirt-0.8.8.orig/src/libvirt.c +++ libvirt-0.8.8/src/libvirt.c @@ -3152,6 +3152,10 @@ char *virConnectDomainXMLToNative(virCon virDispatchError(NULL); return NULL; } + if (conn->flags & VIR_CONNECT_RO) { + virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } if (nativeFormat == NULL || domainXml == NULL) { virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__); @@ -9579,6 +9583,11 @@ virNodeDeviceDettach(virNodeDevicePtr de return -1; } + if (dev->conn->flags & VIR_CONNECT_RO) { + virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + if (dev->conn->driver->nodeDeviceDettach) { int ret; ret = dev->conn->driver->nodeDeviceDettach (dev); @@ -9622,6 +9631,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d return -1; } + if (dev->conn->flags & VIR_CONNECT_RO) { + virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + if (dev->conn->driver->nodeDeviceReAttach) { int ret; ret = dev->conn->driver->nodeDeviceReAttach (dev); @@ -9667,6 +9681,11 @@ virNodeDeviceReset(virNodeDevicePtr dev) return -1; } + if (dev->conn->flags & VIR_CONNECT_RO) { + virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + if (dev->conn->driver->nodeDeviceReset) { int ret; ret = dev->conn->driver->nodeDeviceReset (dev); @@ -12962,6 +12981,10 @@ virDomainRevertToSnapshot(virDomainSnaps } conn = snapshot->domain->conn; + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } if (conn->driver->domainRevertToSnapshot) { int ret = conn->driver->domainRevertToSnapshot(snapshot, flags); @@ -13008,6 +13031,10 @@ virDomainSnapshotDelete(virDomainSnapsho } conn = snapshot->domain->conn; + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } if (conn->driver->domainSnapshotDelete) { int ret = conn->driver->domainSnapshotDelete(snapshot, flags); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
