From 1caaf6bb06713c7d243c43ff8b8d3f32ade3fa3916deb4ed05b9be55463b3946 Mon Sep 17 00:00:00 2001
From: James Fehlig
Date: Mon, 1 Jul 2013 15:28:09 +0000
Subject: [PATCH] - CVE-2013-2218: Fix crash listing network interfaces with filters 244e0b8c-CVE-2013-2218.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=277
---
 244e0b8c-CVE-2013-2218.patch | 54 ++++++++++++++++++++++++++++++++++++
 libvirt.changes | 6 ++++
 libvirt.spec | 2 ++
 3 files changed, 62 insertions(+)
 create mode 100644 244e0b8c-CVE-2013-2218.patch
diff --git a/244e0b8c-CVE-2013-2218.patch b/244e0b8c-CVE-2013-2218.patch
new file mode 100644
index 0000000..a1d6c9f
--- /dev/null
+++ b/244e0b8c-CVE-2013-2218.patch
@@ -0,0 +1,54 @@
+commit 244e0b8cf15ca2ef48d82058e728656e6c4bad11
+Author: Daniel P. Berrange
+Date: Fri Jun 28 13:21:33 2013 +0100
+
+ Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
+
+ On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
+ > Hi Security Team,
+ >
+ > I've discovered a way for an unprivileged user with a readonly connection
+ > to libvirtd, to crash the daemon.
+
+ Ok, the final patch for this is issue will be the simpler variant that
+ Eric suggested
+
+ The embargo can be considered to be lifted on Monday July 1st, at
+ 0900 UTC
+
+ The following is the GIT change that DV or myself will apply to libvirt
+ GIT master immediately before the 1.1.0 release:
+
+ >From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
+ From: "Daniel P. Berrange"
+ Date: Fri, 28 Jun 2013 10:48:37 +0100
+ Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
+ filters
+
+ The virConnectListAllInterfaces method has a double-free of the
+ 'struct netcf_if' object when any of the filtering flags cause
+ an interface to be skipped over. For example when running the
+ command 'virsh iface-list --inactive'
+
+ This is a regression introduced in release 1.0.6 by
+
+ commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f
+ Author: Guannan Ren
+ Date: Tue May 21 21:29:38 2013 +0800
+
+ interface: list all interfaces with flags == 0
+
+ Signed-off-by: Daniel P. Berrange
+
+Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c
+===================================================================
+--- libvirt-1.0.6.orig/src/interface/interface_backend_netcf.c
++++ libvirt-1.0.6/src/interface/interface_backend_netcf.c
+@@ -365,6 +365,7 @@ netcfConnectListAllInterfaces(virConnect
+ (MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&
+ (status & NETCF_IFACE_INACTIVE)))) {
+ ncf_if_free(iface);
++ iface = NULL;
+ continue;
+ }
+
diff --git a/libvirt.changes b/libvirt.changes
index 7f25d5c..c659dc2 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jul 1 09:25:41 MDT 2013 - jfehlig@suse.com
+
+- CVE-2013-2218: Fix crash listing network interfaces with filters
+ 244e0b8c-CVE-2013-2218.patch
+
 -------------------------------------------------------------------
 Tue Jun 11 10:36:17 MDT 2013 - jfehlig@suse.com
 
diff --git a/libvirt.spec b/libvirt.spec
index 7158e7a..88e9c0a 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -407,6 +407,7 @@ Source1: libvirtd.init
 Source2: libvirtd-relocation-server.fw
 Source99: baselibs.conf
 # Upstream patches
+Patch0: 244e0b8c-CVE-2013-2218.patch
 # Need to go upstream
 Patch100: xen-name-for-devid.patch
 Patch101: clone.patch
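Review bot: The added `iface = NULL;` in the netcfConnectListAllInterfaces hunk of 244e0b8c-CVE-2013-2218.patch has no comment saying which later free it guards against, so it reads like a redundant store and is easy to lose in a refactor. I would put `/* iface was just freed; clear it so a later free of iface on the way out cannot release it twice */` above it. The hunk shows only the filter-skip branch and the function starts and ends outside it, so it cannot be confirmed from here that every other place in the loop that frees or hands off `iface` also clears the pointer; that is worth checking, since per the commit message a stale pointer here lets a read-only client crash the daemon. The message names `virsh iface-list --inactive` as a trigger, which would serve as a regression check for the packaged build.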
@@ -874,6 +875,7 @@ of recent versions of Linux (and other OSes).
 
 %prep
 %setup -q
+%patch0 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1