Accepting request 181642 from Virtualization

Updated libvirt package to fix CVE-2013-2218. I still have some packaging issues to resolve before submitting libvirt 1.1.0, but wanted to get this CVE fix submitted to Factory in the meantime. - CVE-2013-2218: Fix crash listing network interfaces with filters 244e0b8c-CVE-2013-2218.patch OBS-URL: https://build.opensuse.org/request/show/181642 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=121
2013-07-02 05:39:16 +00:00 · 2013-07-02 05:39:16 +00:00 · ec159be921
commit ec159be921
parent 4601baff55 1caaf6bb06
3 changed files with 62 additions and 0 deletions
--- a/244e0b8c-CVE-2013-2218.patch
+++ b/244e0b8c-CVE-2013-2218.patch
@ -0,0 +1,54 @@
+commit 244e0b8cf15ca2ef48d82058e728656e6c4bad11
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Fri Jun 28 13:21:33 2013 +0100
+
+    Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
+    
+    On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
+    > Hi Security Team,
+    >
+    > I've discovered a way for an unprivileged user with a readonly connection
+    > to libvirtd, to crash the daemon.
+    
+    Ok, the final patch for this is issue will be the simpler variant that
+    Eric suggested
+    
+    The embargo can be considered to be lifted on Monday July 1st, at
+    0900 UTC
+    
+    The following is the GIT change that DV or myself will apply to libvirt
+    GIT master immediately before the 1.1.0 release:
+    
+    >From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
+    From: "Daniel P. Berrange" <berrange@redhat.com>
+    Date: Fri, 28 Jun 2013 10:48:37 +0100
+    Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
+     filters
+    
+    The virConnectListAllInterfaces method has a double-free of the
+    'struct netcf_if' object when any of the filtering flags cause
+    an interface to be skipped over. For example when running the
+    command 'virsh iface-list --inactive'
+    
+    This is a regression introduced in release 1.0.6 by
+    
+      commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f
+      Author: Guannan Ren <gren@redhat.com>
+      Date:   Tue May 21 21:29:38 2013 +0800
+    
+        interface: list all interfaces with flags == 0
+    
+    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+
+Index: libvirt-1.0.6/src/interface/interface_backend_netcf.c
+===================================================================
+--- libvirt-1.0.6.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.0.6/src/interface/interface_backend_netcf.c
+@@ -365,6 +365,7 @@ netcfConnectListAllInterfaces(virConnect
+               (MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&
+                (status & NETCF_IFACE_INACTIVE)))) {
+             ncf_if_free(iface);
+            iface = NULL;
+             continue;
+         }
+ 
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jul  1 09:25:41 MDT 2013 - jfehlig@suse.com
+
+- CVE-2013-2218: Fix crash listing network interfaces with filters
+  244e0b8c-CVE-2013-2218.patch
+
 -------------------------------------------------------------------
 Tue Jun 11 10:36:17 MDT 2013 - jfehlig@suse.com

--- a/libvirt.spec
+++ b/libvirt.spec
@ -407,6 +407,7 @@ Source1:        libvirtd.init
 Source2:        libvirtd-relocation-server.fw
 Source99:       baselibs.conf
 # Upstream patches
+Patch0:         244e0b8c-CVE-2013-2218.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       clone.patch
@ -874,6 +875,7 @@ of recent versions of Linux (and other OSes).

 %prep
 %setup -q
+%patch0 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1