Hello community, here is the log from the commit of package libvirt for openSUSE:11.4 checked in at Tue Jun 14 18:25:57 CEST 2011.
-------- --- old-versions/11.4/UPDATES/all/libvirt/libvirt.changes 2011-04-06 17:48:05.000000000 +0200 +++ 11.4/libvirt/libvirt.changes 2011-06-06 19:28:47.000000000 +0200 @@ -1,0 +2,7 @@ +Mon Jun 6 11:23:13 MDT 2011 - [email protected] + +- VUL-0: libvirt: regression introduced in disk probe + b598ac55-CVE-2011-2178.patch + bnc#697904 + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- b598ac55-CVE-2011-2178.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.KfWfsG/_old 2011-06-14 18:25:06.000000000 +0200 +++ /var/tmp/diff_new_pack.KfWfsG/_new 2011-06-14 18:25:06.000000000 +0200 @@ -145,7 +145,7 @@ Group: Development/Libraries/C and C++ AutoReqProv: yes Version: 0.8.8 -Release: 0.<RELEASE8> +Release: 0.<RELEASE10> Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage Requires: %{name}-client = %{version}-%{release} @@ -172,6 +172,7 @@ Patch0: efc2594b-boot-param.patch Patch1: 71753cb7-CVE-2011-1146.patch Patch2: f44bfb7f-CVE-2011-1486.patch +Patch3: b598ac55-CVE-2011-2178.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch102: clone.patch 
@@ -289,6 +290,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch100 -p1 %patch102 %patch103 -p1 ++++++ b598ac55-CVE-2011-2178.patch ++++++ commit b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2 Author: Eric Blake <[email protected]> Date: Thu May 26 08:18:46 2011 -0600 security: plug regression introduced in disk probe logic Regression introduced in commit d6623003 (v0.8.8) - using the wrong sizeof operand meant that security manager private data was overlaying the allowDiskFormatProbing member of struct _virSecurityManager. This reopens disk probing, which was supposed to be prevented by the solution to CVE-2010-2238. * src/security/security_manager.c (virSecurityManagerGetPrivateData): Use correct offset. diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 0246dd8..6f0becd 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name, void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr) { - return ((char*)mgr) + sizeof(mgr); + /* This accesses the memory just beyond mgr, which was allocated + * via VIR_ALLOC_VAR earlier. */ + return mgr + 1; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
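Review bot: in the src/security/security_manager.c hunk, `return mgr + 1;` in virSecurityManagerGetPrivateData is correct only because mgr keeps its struct pointer type, so the step is sizeof(*mgr); the removed line used sizeof(mgr), which is the size of the pointer. The new comment names VIR_ALLOC_VAR, but the allocation is not visible in this hunk. Consider extending the comment to say that the private data starts at offset sizeof(*mgr) and that this must stay in step with the size requested at the allocation site. The commit message says the old offset overlaid allowDiskFormatProbing and reopened the probing that the fix for CVE-2010-2238 was meant to prevent, yet the patch touches only security_manager.c. A regression test that writes to the private data and checks that allowDiskFormatProbing is unchanged would guard against a repeat.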
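Review bot: the libvirt.changes entry describes the fix only as "regression introduced in disk probe", which understates what the included commit message says: the regression entered in v0.8.8 (the Version packaged in libvirt.spec) and reopens disk format probing that the CVE-2010-2238 fix had closed. Consider saying so in the entry text, next to the patch name and bnc#697904, so that someone reading the changelog alone can see this is a security fix for a previously closed issue.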
