summaryrefslogtreecommitdiffstats
path: root/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
diff options
context:
space:
mode:
Diffstat (limited to 'external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch')
-rw-r--r--external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
new file mode 100644
index 00000000..576f46c7
--- /dev/null
+++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
@@ -0,0 +1,41 @@
+From 5441f05a42a90779b0df86518286bf527e94aafb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 14 Jun 2019 09:16:14 +0200
+Subject: [PATCH 10/11] api: disallow virConnectGetDomainCapabilities on
+ read-only connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This API can be used to execute arbitrary emulators.
+Forbid it on read-only connections.
+
+Fixes: CVE-2019-10167
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2019-10167
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/libvirt-domain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index 5c764aa..9862a5d 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -11274,6 +11274,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
+ virResetLastError();
+
+ virCheckConnectReturn(conn, NULL);
++ virCheckReadOnlyGoto(conn->flags, error);
+
+ if (conn->driver->connectGetDomainCapabilities) {
+ char *ret;
+--
+2.7.4
+