In master, I tend to favour uprev's versus specific CVE patches. That being said, I have a lot of pending changes right now, and won't have time to uprev for a few more weeks, so I've gone ahead and merged the change.
Bruce In message: [meta-virtualization][PATCH] libvirt: fix CVE-2021-3667 on 23/11/2021 Xu, Yanfei wrote: > Backport a fix for CVE-2021-3667. > > The CVE discription: An improper locking issue was found in the > virStoragePoolLookupByTargetPath API of libvirt. It occurs in the > storagePoolLookupByTargetPath function where a locked virStoragePoolObj > object is not properly released on ACL permission failure. Clients > connecting to the read-write socket with limited ACL permissions could > use this flaw to acquire the lock and prevent other users from accessing > storage pool/volume APIs, resulting in a denial of service condition. > The highest threat from this vulnerability is to system availability. > > Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094 > > Signed-off-by: Yanfei Xu <[email protected]> > --- > ...nlock-object-on-ACL-fail-in-storageP.patch | 40 +++++++++++++++++++ > recipes-extended/libvirt/libvirt_7.2.0.bb | 1 + > 2 files changed, 41 insertions(+) > create mode 100644 > recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > > diff --git > a/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > > b/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > new file mode 100644 > index 00000000..608322d9 > --- /dev/null > +++ > b/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > @@ -0,0 +1,40 @@ > +From d3e20e186ed531e196bb1529430f39b0c917e6dc Mon Sep 17 00:00:00 2001 > +From: Peter Krempa <[email protected]> > +Date: Wed, 21 Jul 2021 11:22:25 +0200 > +Subject: [PATCH] storage_driver: Unlock object on ACL fail in > + storagePoolLookupByTargetPath > + > +'virStoragePoolObjListSearch' returns a locked and refed object, thus we > +must release it on ACL permission failure. > + > +Fixes: 7aa0e8c0cb8 > +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318 > +Signed-off-by: Peter Krempa <[email protected]> > +Reviewed-by: Michal Privoznik <[email protected]> > + > +Upstream-status: Backport > +CVE-2021-3667 [https://bugzilla.redhat.com/show_bug.cgi?id=1986094] > +Signed-off-by: Yanfei Xu <[email protected]> > +--- > + src/storage/storage_driver.c | 4 +++- > + 1 file changed, 3 insertions(+), 1 deletion(-) > + > +diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c > +index ecb5b86b4f..de66f1f9e5 100644 > +--- a/src/storage/storage_driver.c > ++++ b/src/storage/storage_driver.c > +@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn, > + > storagePoolLookupByTargetPathCallback, > + cleanpath))) { > + def = virStoragePoolObjGetDef(obj); > +- if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) > ++ if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) { > ++ virStoragePoolObjEndAPI(&obj); > + return NULL; > ++ } > + > + pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL); > + virStoragePoolObjEndAPI(&obj); > +-- > +2.27.0 > + > diff --git a/recipes-extended/libvirt/libvirt_7.2.0.bb > b/recipes-extended/libvirt/libvirt_7.2.0.bb > index cc7bb2cb..4ec11fb5 100644 > --- a/recipes-extended/libvirt/libvirt_7.2.0.bb > +++ b/recipes-extended/libvirt/libvirt_7.2.0.bb > @@ -30,6 +30,7 @@ SRC_URI = > "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ > file://gnutls-helper.py \ > file://0002-meson-Fix-compatibility-with-Meson-0.58.patch \ > file://0001-security-fix-SELinux-label-generation-logic.patch \ > + > file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \ > " > > SRC_URI[libvirt.md5sum] = "92044b629216e44adce63224970a54a3" > -- > 2.27.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6920): https://lists.yoctoproject.org/g/meta-virtualization/message/6920 Mute This Topic: https://lists.yoctoproject.org/mt/87254570/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
