Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
libvirt.20357
e4116eaa-CVE-2020-25637.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File e4116eaa-CVE-2020-25637.patch of Package libvirt.20357
commit e4116eaa44cb366b59f7fe98f4b88d04c04970ad Author: Ján Tomko <jtomko@redhat.com> Date: Fri Sep 18 17:54:14 2020 +0200 rpc: require write acl for guest agent in virDomainInterfaceAddresses CVE-2020-25637 Add a requirement for domain:write if source is set to VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Index: libvirt-6.0.0/src/libxl/libxl_driver.c =================================================================== --- libvirt-6.0.0.orig/src/libxl/libxl_driver.c +++ libvirt-6.0.0/src/libxl/libxl_driver.c @@ -6366,7 +6366,7 @@ libxlDomainInterfaceAddresses(virDomainP if (!(vm = libxlDomObjFromDomain(dom))) goto cleanup; - if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0) + if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) Index: libvirt-6.0.0/src/qemu/qemu_driver.c =================================================================== --- libvirt-6.0.0.orig/src/qemu/qemu_driver.c +++ libvirt-6.0.0/src/qemu/qemu_driver.c @@ -22010,7 +22010,7 @@ qemuDomainInterfaceAddresses(virDomainPt if (!(vm = qemuDomainObjFromDomain(dom))) goto cleanup; - if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0) + if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) Index: libvirt-6.0.0/src/remote/remote_protocol.x =================================================================== --- libvirt-6.0.0.orig/src/remote/remote_protocol.x +++ libvirt-6.0.0/src/remote/remote_protocol.x @@ -6211,6 +6211,7 @@ enum remote_procedure { /** * @generate: none * @acl: domain:read + * @acl: domain:write::source:VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT */ REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES = 353,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor