forked from pool/libvirt
Accepting request 711148 from home:jfehlig:branches:Virtualization
Fixes for CVE's made public today. - api: disallow virConnect*HypervisorCPU, virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, and virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch, CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch, CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch, CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 OBS-URL: https://build.opensuse.org/request/show/711148 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=765
This commit is contained in:
parent
962931e8eb
commit
2d3b4f44f0
25
8afa68ba-CVE-2019-10167.patch
Normal file
25
8afa68ba-CVE-2019-10167.patch
Normal file
@ -0,0 +1,25 @@
|
||||
commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26
|
||||
Author: Ján Tomko <jtomko@redhat.com>
|
||||
Date: Fri Jun 14 09:16:14 2019 +0200
|
||||
|
||||
api: disallow virConnectGetDomainCapabilities on read-only connections
|
||||
|
||||
This API can be used to execute arbitrary emulators.
|
||||
Forbid it on read-only connections.
|
||||
|
||||
Fixes: CVE-2019-10167
|
||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.4.0/src/libvirt-domain.c
|
||||
===================================================================
|
||||
--- libvirt-5.4.0.orig/src/libvirt-domain.c
|
||||
+++ libvirt-5.4.0/src/libvirt-domain.c
|
||||
@@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConne
|
||||
virResetLastError();
|
||||
|
||||
virCheckConnectReturn(conn, NULL);
|
||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
||||
|
||||
if (conn->driver->connectGetDomainCapabilities) {
|
||||
char *ret;
|
73
aed6a032-CVE-2019-10161.patch
Normal file
73
aed6a032-CVE-2019-10161.patch
Normal file
@ -0,0 +1,73 @@
|
||||
commit aed6a032cead4386472afb24b16196579e239580
|
||||
Author: Ján Tomko <jtomko@redhat.com>
|
||||
Date: Fri Jun 14 08:47:42 2019 +0200
|
||||
|
||||
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
|
||||
|
||||
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
|
||||
which can point to any path on the system. This file will then be
|
||||
read and parsed by libvirtd running with root privileges.
|
||||
|
||||
Forbid it on read-only connections.
|
||||
|
||||
Fixes: CVE-2019-10161
|
||||
Reported-by: Matthias Gerstner <mgerstner@suse.de>
|
||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.4.0/src/libvirt-domain.c
|
||||
===================================================================
|
||||
--- libvirt-5.4.0.orig/src/libvirt-domain.c
|
||||
+++ libvirt-5.4.0/src/libvirt-domain.c
|
||||
@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn
|
||||
* previously by virDomainSave() or virDomainSaveFlags().
|
||||
*
|
||||
* No security-sensitive data will be included unless @flags contains
|
||||
- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
|
||||
- * connections.
|
||||
+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
|
||||
*
|
||||
* Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
|
||||
* error. The caller must free() the returned value.
|
||||
@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectP
|
||||
|
||||
virCheckConnectReturn(conn, NULL);
|
||||
virCheckNonNullArgGoto(file, error);
|
||||
-
|
||||
- if ((conn->flags & VIR_CONNECT_RO) &&
|
||||
- (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
|
||||
- virReportError(VIR_ERR_OPERATION_DENIED, "%s",
|
||||
- _("virDomainSaveImageGetXMLDesc with secure flag"));
|
||||
- goto error;
|
||||
- }
|
||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
||||
|
||||
if (conn->driver->domainSaveImageGetXMLDesc) {
|
||||
char *ret;
|
||||
Index: libvirt-5.4.0/src/qemu/qemu_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.4.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-5.4.0/src/qemu/qemu_driver.c
|
||||
@@ -7038,7 +7038,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect
|
||||
if (fd < 0)
|
||||
goto cleanup;
|
||||
|
||||
- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
|
||||
+ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
|
||||
goto cleanup;
|
||||
|
||||
ret = qemuDomainDefFormatXML(driver, def, flags);
|
||||
Index: libvirt-5.4.0/src/remote/remote_protocol.x
|
||||
===================================================================
|
||||
--- libvirt-5.4.0.orig/src/remote/remote_protocol.x
|
||||
+++ libvirt-5.4.0/src/remote/remote_protocol.x
|
||||
@@ -5242,8 +5242,7 @@ enum remote_procedure {
|
||||
/**
|
||||
* @generate: both
|
||||
* @priority: high
|
||||
- * @acl: domain:read
|
||||
- * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
|
||||
+ * @acl: domain:write
|
||||
*/
|
||||
REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
|
||||
|
33
bf6c2830-CVE-2019-10168.patch
Normal file
33
bf6c2830-CVE-2019-10168.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit bf6c2830b6c338b1f5699b095df36f374777b291
|
||||
Author: Ján Tomko <jtomko@redhat.com>
|
||||
Date: Fri Jun 14 09:17:39 2019 +0200
|
||||
|
||||
api: disallow virConnect*HypervisorCPU on read-only connections
|
||||
|
||||
These APIs can be used to execute arbitrary emulators.
|
||||
Forbid them on read-only connections.
|
||||
|
||||
Fixes: CVE-2019-10168
|
||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.4.0/src/libvirt-host.c
|
||||
===================================================================
|
||||
--- libvirt-5.4.0.orig/src/libvirt-host.c
|
||||
+++ libvirt-5.4.0/src/libvirt-host.c
|
||||
@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnec
|
||||
|
||||
virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
|
||||
virCheckNonNullArgGoto(xmlCPU, error);
|
||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
||||
|
||||
if (conn->driver->connectCompareHypervisorCPU) {
|
||||
int ret;
|
||||
@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConne
|
||||
|
||||
virCheckConnectReturn(conn, NULL);
|
||||
virCheckNonNullArgGoto(xmlCPUs, error);
|
||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
||||
|
||||
if (conn->driver->connectBaselineHypervisorCPU) {
|
||||
char *cpu;
|
27
db0b7845-CVE-2019-10166.patch
Normal file
27
db0b7845-CVE-2019-10166.patch
Normal file
@ -0,0 +1,27 @@
|
||||
commit db0b78457f183e4c7ac45bc94de86044a1e2056a
|
||||
Author: Ján Tomko <jtomko@redhat.com>
|
||||
Date: Fri Jun 14 09:14:53 2019 +0200
|
||||
|
||||
api: disallow virDomainManagedSaveDefineXML on read-only connections
|
||||
|
||||
The virDomainManagedSaveDefineXML can be used to alter the domain's
|
||||
config used for managedsave or even execute arbitrary emulator binaries.
|
||||
Forbid it on read-only connections.
|
||||
|
||||
Fixes: CVE-2019-10166
|
||||
Reported-by: Matthias Gerstner <mgerstner@suse.de>
|
||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.4.0/src/libvirt-domain.c
|
||||
===================================================================
|
||||
--- libvirt-5.4.0.orig/src/libvirt-domain.c
|
||||
+++ libvirt-5.4.0/src/libvirt-domain.c
|
||||
@@ -9563,6 +9563,7 @@ virDomainManagedSaveDefineXML(virDomainP
|
||||
|
||||
virCheckDomainReturn(domain, -1);
|
||||
conn = domain->conn;
|
||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
||||
|
||||
if (conn->driver->domainManagedSaveDefineXML) {
|
||||
int ret;
|
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 20 14:55:04 UTC 2019 - Jim Fehlig <jfehlig@suse.com>
|
||||
|
||||
- api: disallow virConnect*HypervisorCPU,
|
||||
virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML,
|
||||
and virDomainSaveImageGetXMLDesc on read-only connections
|
||||
CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch,
|
||||
CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch,
|
||||
CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch,
|
||||
CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch
|
||||
CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
|
||||
bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 12 15:03:47 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
|
10
libvirt.spec
10
libvirt.spec
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -336,6 +336,10 @@ Source6: libvirtd-relocation-server.xml
|
||||
Source99: baselibs.conf
|
||||
Source100: %{name}-rpmlintrc
|
||||
# Upstream patches
|
||||
Patch0: aed6a032-CVE-2019-10161.patch
|
||||
Patch1: db0b7845-CVE-2019-10166.patch
|
||||
Patch2: 8afa68ba-CVE-2019-10167.patch
|
||||
Patch3: bf6c2830-CVE-2019-10168.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: libxl-dom-reset.patch
|
||||
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
|
||||
@ -868,6 +872,10 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch150 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user