openSUSE:Step:FrontRunner
File CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch of Package libvirt.11701
From 7bfe7fc810ee84ca1cef996981789445929fdb7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> Date: Fri, 14 Jun 2019 10:37:33 +0200 Subject: [PATCH 3/4] api: disallow virConnectGetDomainCapabilities on read-only connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) Index: libvirt-4.0.0/src/libvirt-domain.c =================================================================== --- libvirt-4.0.0.orig/src/libvirt-domain.c +++ libvirt-4.0.0/src/libvirt-domain.c @@ -11220,6 +11220,7 @@ virConnectGetDomainCapabilities(virConne virResetLastError(); virCheckConnectReturn(conn, NULL); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectGetDomainCapabilities) { char *ret;
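Review bot: the added virCheckReadOnlyGoto(conn->flags, error) in virConnectGetDomainCapabilities jumps to an error label that is outside the visible context, so please confirm that this path dispatches the error and returns NULL, matching the virCheckConnectReturn(conn, NULL) line above it. The diffstat shows a single insertion in src/libvirt-domain.c, which means the restriction is neither documented nor tested: add a sentence to the function's API comment stating that the call is refused on read-only connections, and a test that opens a read-only connection and expects the call to fail. The commit message gives the reason as "This API can be used to execute arbitrary emulators"; a short comment next to the check carrying that reason would keep the guard from being dropped in a later refactor.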