Diffstat (limited to 'external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch')
-rw-r--r-- | external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch
deleted file mode 100644
index 860c1e53..00000000
--- a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 54005b84b0165b62b2ef88c7df229bddbaa29e76 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 16:51:37 +0100
-Subject: [PATCH 06/11] locking: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlockd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
-
-Upstream-Status: Backport
-CVE: CVE-2019-10132
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/locking/virtlockd-admin.socket.in | 1 +
- src/locking/virtlockd.socket.in | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 2a7500f..f674c49 100644
---- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
- Service=virtlockd.service
-+SocketMode=0600
-
- [Install]
- WantedBy=sockets.target
-diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
-index 45e0f20..d701b27 100644
---- a/src/locking/virtlockd.socket.in
-+++ b/src/locking/virtlockd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
-
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
-+SocketMode=0600
-
- [Install]
- WantedBy=sockets.target
---
-2.7.4
- |