SUSE:SLE-12-SP2:GA
File CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch of Package libvirt.11696
From 7bfe7fc810ee84ca1cef996981789445929fdb7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> Date: Fri, 14 Jun 2019 10:37:33 +0200 Subject: [PATCH 3/4] api: disallow virConnectGetDomainCapabilities on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) Index: libvirt-1.2.18.4/src/libvirt-domain.c =================================================================== --- libvirt-1.2.18.4.orig/src/libvirt-domain.c +++ libvirt-1.2.18.4/src/libvirt-domain.c @@ -11071,6 +11071,7 @@ virConnectGetDomainCapabilities(virConne virResetLastError(); virCheckConnectReturn(conn, NULL); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectGetDomainCapabilities) { char *ret;
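Review bot: the added virCheckReadOnlyGoto(conn->flags, error) line jumps to an error label that lies outside the visible context of this hunk, so for this libvirt-1.2.18.4 backport it is worth confirming that virConnectGetDomainCapabilities already has that label and that the path taken through it returns NULL, as the virCheckConnectReturn(conn, NULL) line above it does. The diffstat shows a single insertion in src/libvirt-domain.c, so nothing in this patch documents or tests the new restriction; I would suggest adding a sentence to the function's API comment stating that the call is refused on read-only connections, plus a test that opens a read-only connection and expects the call to fail.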