SHA256
1
0
forked from pool/libvirt
libvirt/8afa68ba-CVE-2019-10167.patch
James Fehlig 2d3b4f44f0 Accepting request 711148 from home:jfehlig:branches:Virtualization
Fixes for CVE's made public today.

- api: disallow virConnect*HypervisorCPU,
  virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML,
  and virDomainSaveImageGetXMLDesc on read-only connections
  CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch,
  CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch,
  CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch,
  CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch
  CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
  bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305

OBS-URL: https://build.opensuse.org/request/show/711148
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=765
2019-06-20 15:16:41 +00:00

26 lines
895 B
Diff

commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26
Author: Ján Tomko <jtomko@redhat.com>
Date: Fri Jun 14 09:16:14 2019 +0200
api: disallow virConnectGetDomainCapabilities on read-only connections
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.
Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.4.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.4.0.orig/src/libvirt-domain.c
+++ libvirt-5.4.0/src/libvirt-domain.c
@@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConne
virResetLastError();
virCheckConnectReturn(conn, NULL);
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->connectGetDomainCapabilities) {
char *ret;