Re: libvirt / CVE-2019-3886

Tue, 09 Apr 2019 00:41:51 -0700 

Brian May <[email protected]> writes:

> Ok, so it does sound like I should make this change too.

Updated patch attached.
-- 
Brian May <[email protected]>

diff -Nru libvirt-1.2.9/debian/changelog libvirt-1.2.9/debian/changelog
--- libvirt-1.2.9/debian/changelog	2018-03-13 06:51:52.000000000 +1100
+++ libvirt-1.2.9/debian/changelog	2019-04-08 17:29:21.000000000 +1000
@@ -1,3 +1,11 @@
+libvirt (1.2.9-9+deb8u6) jessie-security; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2019-3886: Ensure get hostname and get time RPC calls require write
+    access.
+
+ -- Brian May <[email protected]>  Mon, 08 Apr 2019 17:29:21 +1000
+
 libvirt (1.2.9-9+deb8u5) jessie-security; urgency=high
 
   * Switch gbp.conf to jessie
diff -Nru libvirt-1.2.9/debian/patches/CVE-2019-3886.patch libvirt-1.2.9/debian/patches/CVE-2019-3886.patch
--- libvirt-1.2.9/debian/patches/CVE-2019-3886.patch	1970-01-01 10:00:00.000000000 +1000
+++ libvirt-1.2.9/debian/patches/CVE-2019-3886.patch	2019-04-08 17:29:21.000000000 +1000
@@ -0,0 +1,39 @@
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -20994,6 +20994,8 @@
+     virResetLastError();
+ 
+     virCheckDomainReturn(domain, NULL);
++    virCheckReadOnlyGoto(domain->conn->flags, error);
++
+     conn = domain->conn;
+ 
+     if (conn->driver->domainGetHostname) {
+@@ -21229,6 +21231,7 @@
+     virResetLastError();
+ 
+     virCheckDomainReturn(dom, -1);
++    virCheckReadOnlyGoto(domain->conn->flags, error);
+ 
+     if (dom->conn->driver->domainGetTime) {
+         int ret = dom->conn->driver->domainGetTime(dom, seconds,
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -5049,7 +5049,7 @@
+ 
+     /**
+      * @generate: both
+-     * @acl: domain:read
++     * @acl: domain:write
+      */
+     REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
+ 
+@@ -5444,7 +5444,7 @@
+ 
+     /**
+      * @generate: none
+-     * @acl: domain:read
++     * @acl: domain:write
+      */
+     REMOTE_PROC_DOMAIN_GET_TIME = 337,
+ 
diff -Nru libvirt-1.2.9/debian/patches/series libvirt-1.2.9/debian/patches/series
--- libvirt-1.2.9/debian/patches/series	2018-03-13 06:00:35.000000000 +1100
+++ libvirt-1.2.9/debian/patches/series	2019-04-08 17:25:13.000000000 +1000
@@ -37,3 +37,4 @@
 upstream/qemu-Specify-format-iff-disk-source-is-not-empty.patch
 security/CVE-2018-5748-qemu-avoid-denial-of-service-reading-from-Q.patch
 security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch
+CVE-2019-3886.patch

Reply via email to