- CVE-2014-0179: Don't expand entities when parsing XML

d6b27d3e-CVE-2014-0179.patch bnc#873705 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=368
2014-05-06 17:46:39 +00:00 · 2014-05-06 17:46:39 +00:00 · b5414a9ca3
commit b5414a9ca3
parent f8ebdc5158
3 changed files with 43 additions and 0 deletions
--- a/d6b27d3e-CVE-2014-0179.patch
+++ b/d6b27d3e-CVE-2014-0179.patch
@ -0,0 +1,34 @@
+commit d6b27d3e4c40946efa79e91d134616b41b1666c4
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Tue Apr 15 11:20:29 2014 +0100
+
+    LSN-2014-0003: Don't expand entities when parsing XML
+    
+    If the XML_PARSE_NOENT flag is passed to libxml2, then any
+    entities in the input document will be fully expanded. This
+    allows the user to read arbitrary files on the host machine
+    by creating an entity pointing to a local file. Removing
+    the XML_PARSE_NOENT flag means that any entities are left
+    unchanged by the parser, or expanded to "" by the XPath
+    APIs.
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.2.3/src/util/virxml.c
+===================================================================
+--- libvirt-1.2.3.orig/src/util/virxml.c
+++ libvirt-1.2.3/src/util/virxml.c
+@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
+ 
+     if (filename) {
+         xml = xmlCtxtReadFile(pctxt, filename, NULL,
+-                              XML_PARSE_NOENT | XML_PARSE_NONET |
+                              XML_PARSE_NONET |
+                               XML_PARSE_NOWARNING);
+     } else {
+         xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
+-                             XML_PARSE_NOENT | XML_PARSE_NONET |
+                             XML_PARSE_NONET |
+                              XML_PARSE_NOWARNING);
+     }
+     if (!xml)
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon May  5 16:47:43 MDT 2014 - jfehlig@suse.com
+
+- CVE-2014-0179: Don't expand entities when parsing XML
+  d6b27d3e-CVE-2014-0179.patch
+  bnc#873705
+
 -------------------------------------------------------------------
 Tue Apr  8 09:44:50 MDT 2014 - jfehlig@suse.com

--- a/libvirt.spec
+++ b/libvirt.spec
@ -430,6 +430,7 @@ Source99:       baselibs.conf
 # Upstream patches
 Patch0:         0e0c1a74-domid-fix.patch
 Patch1:         7a1452f5-libxl-empty-cdrom.patch
+Patch2:         d6b27d3e-CVE-2014-0179.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       ia64-clone.patch
@ -948,6 +949,7 @@ namespaces.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1