[Pkg-libvirt-commits] [libvirt] 01/02: Fix CVE-2015-0236

Guido Guenther agx at moszumanska.debian.org
Fri Jan 23 19:41:25 UTC 2015


This is an automated email from the git hooks/post-receive script.

agx pushed a commit to annotated tag debian/1.2.9-8
in repository libvirt.

commit 885f33d3d23f5f4a8e5d1603ee6774f6fa514abb
Author: Guido Günther <agx at sigxcpu.org>
Date:   Fri Jan 23 15:22:44 2015 +0100

    Fix CVE-2015-0236
    
    Patches cherry-picked from upstream
    
    Closes: #776065
---
 ...36-qemu-Check-ACLs-when-dumping-securi-14.patch | 38 ++++++++++++++++++++++
 ...36-qemu-Check-ACLs-when-dumping-security-.patch | 37 +++++++++++++++++++++
 debian/patches/series                              |  2 ++
 3 files changed, 77 insertions(+)

diff --git a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
new file mode 100644
index 0000000..65aae79
--- /dev/null
+++ b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
@@ -0,0 +1,38 @@
+From: Peter Krempa <pkrempa at redhat.com>
+Date: Tue, 20 Jan 2015 17:01:01 +0100
+Subject: CVE-2015-0236: qemu: Check ACLs when dumping security info from
+ snapshots
+
+The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
+appropriate permission for it. Found via code inspection while fixing
+permissions for save images.
+---
+ src/qemu/qemu_driver.c       | 2 +-
+ src/remote/remote_protocol.x | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index c9110f0..bc6aae4 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -14406,7 +14406,7 @@ qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
+     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
+         return NULL;
+ 
+-    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
++    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0)
+         goto cleanup;
+ 
+     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index 15694fa..c8162a5 100644
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -4489,6 +4489,7 @@ enum remote_procedure {
+      * @generate: both
+      * @priority: high
+      * @acl: domain:read
++     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
+      */
+     REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,
+ 
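Review bot: The header of this new patch file (From/Date/Subject, then the description) records no upstream commit id, so the commit message's claim that the patch was cherry-picked from upstream cannot be checked from the package alone. Add DEP-3 fields to the header, for example `Origin: upstream, <upstream commit URL or hash>` and `Bug-Debian: https://bugs.debian.org/776065`. The save-image patch added in the next file section has the same gap. For a CVE fix, a recorded origin lets a later auditor diff the backport against upstream and confirm that both the `flags` argument at the call site and the `@acl: domain:read_secure:VIR_DOMAIN_XML_SECURE` annotation arrived unchanged.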
diff --git a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
new file mode 100644
index 0000000..923a5e9
--- /dev/null
+++ b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
@@ -0,0 +1,37 @@
+From: Peter Krempa <pkrempa at redhat.com>
+Date: Tue, 20 Jan 2015 17:01:01 +0100
+Subject: CVE-2015-0236: qemu: Check ACLs when dumping security info from save
+ image
+
+The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
+appropriate permission for it.
+---
+ src/qemu/qemu_driver.c       | 2 +-
+ src/remote/remote_protocol.x | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 5994558..c9110f0 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -6031,7 +6031,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
+     if (fd < 0)
+         goto cleanup;
+ 
+-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
++    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
+         goto cleanup;
+ 
+     ret = qemuDomainDefFormatXML(driver, def, flags);
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index d91fbe0..15694fa 100644
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -4819,6 +4819,7 @@ enum remote_procedure {
+      * @generate: both
+      * @priority: high
+      * @acl: domain:read
++     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
+      */
+     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 3cb2c9f..fb694c9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,3 +24,5 @@ upstream/qemu-Fix-crash-in-tunnelled-migration.patch
 lxc-Move-setting-ifname_guest_actual-to-virLXCSetupI.patch
 lxc-Don-t-crash-on-NULL-ifname_guest_actual.patch
 upstream/vbox-fix-a-bug-in-_machineStateInactive.patch
+security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
+security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
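Review bot: The two new series entries differ only in their truncated tails (`security-.patch` vs `securi-14.patch`), so the series file does not show which one fixes the save-image path and which the snapshot path. Naming them after the affected API would make later audits of this CVE easier, e.g. `security/CVE-2015-0236-save-image-xml-acl.patch` and `security/CVE-2015-0236-snapshot-xml-acl.patch` (constructed names). The current order is correct and should be kept: the `index` lines of the snapshot patch (`c9110f0`, `15694fa`) start from the blobs the save-image patch produces.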

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git


