Chrisen, Chris Marusich 写道:
In the meantime, should we revert to version 5.4.0 in Guix? I'm not sure if there are any security vulnerabilities between 5.4.0 and the most recent release, but this bug is currently preventing me from creating any VMs at all in Guix using virt-manager, which is pretty bad.
Yes! (which is why I originally updated this package): v5.5.0 (2019-07-02) Securityapi: Prevent access to several APIs over read-only connections Certain APIs give root-equivalent access to the host, and as such should be limited to privileged users. CVE-2019-10161,
CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.
https://libvirt.org/news.html
It might be easy to backport. I didn't try, and I no longer use
libvirt myself.
What's weird (maybe; I haven't kept up with the thread) is that I used libvirt 5.5.0 (and yes, it was 5.5.0) for a while without problems. I don't remember whether I created any *new* VMs, though.
Kind regards, T G-R
signature.asc
Description: PGP signature
