Hello community,
here is the log from the commit of package libvirt for openSUSE:11.3
checked in at Wed Mar 16 01:43:33 CET 2011.
--------
--- old-versions/11.3/UPDATES/all/libvirt/libvirt.changes 2011-01-18 23:46:24.000000000 +0100
+++ 11.3/libvirt/libvirt.changes 2011-03-15 18:38:18.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Mar 15 09:37:20 MDT 2011 - jfehlig@novell.com
+
+- VUL-0: libvirt: several API calls do not honour read-only
+ connection
+ 71753cb7-CVE-2011-1146.patch
+ bnc#678406
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
71753cb7-CVE-2011-1146.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
--- /var/tmp/diff_new_pack.Y56daT/_old 2011-03-16 01:43:20.000000000 +0100
+++ /var/tmp/diff_new_pack.Y56daT/_new 2011-03-16 01:43:20.000000000 +0100
@@ -117,7 +117,7 @@
Group: Development/Libraries/C and C++
AutoReqProv: yes
Version: 0.8.1
-Release: 4.<RELEASE4>
+Release: 4.<RELEASE5>
Summary: A C toolkit to interract with the virtualization capabilities of Linux
# The client side, i.e. shared libs and virsh are in a subpackage
Requires: %{name}-client = %{version}-%{release}
@@ -168,6 +168,7 @@
Patch24: af521a01-hap3.patch
Patch25: 79f56c66-hap4.patch
Patch26: 094c6f4a-hap-fix.patch
+Patch27: 71753cb7-CVE-2011-1146.patch
# Need to go upstream
Patch100: xen-name-for-devid.patch
Patch102: clone.patch
@@ -307,6 +308,7 @@
%patch24 -p1
%patch25 -p1
%patch26 -p1
+%patch27 -p1
%patch100 -p1
%patch102
%patch103 -p1
++++++ 71753cb7-CVE-2011-1146.patch ++++++
commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3
Author: Guido Günther
Date: Mon Mar 14 10:56:28 2011 +0800
Add missing checks for read only connections
As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
* src/libvirt.c: fix the above set of entry points to error on read-only
connections
Index: libvirt-0.8.1/src/libvirt.c
===================================================================
--- libvirt-0.8.1.orig/src/libvirt.c
+++ libvirt-0.8.1/src/libvirt.c
@@ -3150,6 +3150,10 @@ char *virConnectDomainXMLToNative(virCon
virDispatchError(NULL);
return (NULL);
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (nativeFormat == NULL || domainXml == NULL) {
virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
@@ -9348,6 +9352,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceDettach) {
int ret;
ret = dev->conn->driver->nodeDeviceDettach (dev);
@@ -9391,6 +9400,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReAttach) {
int ret;
ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9436,6 +9450,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
return (-1);
}
+ if (dev->conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
+
if (dev->conn->driver->nodeDeviceReset) {
int ret;
ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -12691,6 +12710,10 @@ virDomainRevertToSnapshot(virDomainSnaps
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainRevertToSnapshot) {
int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -12737,6 +12760,10 @@ virDomainSnapshotDelete(virDomainSnapsho
}
conn = snapshot->domain->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
if (conn->driver->domainSnapshotDelete) {
int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org