Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
libvirt.14190
CVE-2019-10168-api-disallow-virConnect-Hypervis...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch of Package libvirt.14190
From 23058e1c961ebc687913851fe14c75de9cabf954 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> Date: Fri, 14 Jun 2019 10:37:34 +0200 Subject: [PATCH 4/4] api: disallow virConnect*HypervisorCPU on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These APIs can be used to execute arbitrary emulators. Forbid them on read-only connections. Fixes: CVE-2019-10168 Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/libvirt-host.c | 2 ++ 1 file changed, 2 insertions(+) Index: libvirt-5.1.0/src/libvirt-host.c =================================================================== --- libvirt-5.1.0.orig/src/libvirt-host.c +++ libvirt-5.1.0/src/libvirt-host.c @@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnec virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR); virCheckNonNullArgGoto(xmlCPU, error); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectCompareHypervisorCPU) { int ret; @@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConne virCheckConnectReturn(conn, NULL); virCheckNonNullArgGoto(xmlCPUs, error); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectBaselineHypervisorCPU) { char *cpu;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor