Commit 9da537d1 authored by Leonardo Arena's avatar Leonardo Arena

main/libvirt: security fix (CVE-2019-3840)

Fixes #10422
parent 6cb240bc
......@@ -2,7 +2,7 @@
pkgname=libvirt
pkgver=4.10.0
_ver="${pkgver/_rc/-rc}"
pkgrel=1
pkgrel=2
pkgdesc="A virtualization API for several hypervisor and container systems"
url="http://libvirt.org/"
arch="all"
......@@ -30,6 +30,7 @@ source="https://libvirt.org/sources/$pkgname-$pkgver.tar.xz
virtlogd.initd
virtlockd.initd
musl-fix-includes.patch
CVE-2019-3840.patch
"
if [ "$CARCH" = "x86_64" ]; then
......@@ -40,6 +41,10 @@ subpackages="$subpackages $pkgname-common-drivers:_common_drivers"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 4.10.0-r2:
# - CVE-2019-3840
build() {
cd "$builddir"
# qemu sets libexec dir to /usr/lib/qemu
......@@ -177,4 +182,5 @@ sha512sums="a4f97aed6299c7954518ab88738ab781cee0755bfd64094a44468f77f99cac5eb2bc
734afb83b7a4703dd238f1d89dbc853a8c73bcf1994af648c41ab01ae4088e5c7a423f0cb91e5e31f2ae5e60c66d08a6e1583a1e3b88bb5554e0f9fd15ecc15c libvirt.initd
36b85f473d292be8df415256d01a562131d8ae61450ba3893658090a12d589ca32215382f56f286a830b4e59ffd98fbe1d92004f2ce14ca0834451b943cd8f2f virtlogd.initd
a4c4d26e4111931acbe7594451bf963a36c8db33c64b1bc447ab4758bb92803510bebee0511d6bc16ba80c289ab6f87e74377d47bf560412f9adb9c161a206d9 virtlockd.initd
dfe042c596028125bf8548115de2922683829c4716f6b0efb8efc38518670e3e848481661b9714bb0664c1022b87e8f3c0773611fe10187b0bc588e2336ada0c musl-fix-includes.patch"
dfe042c596028125bf8548115de2922683829c4716f6b0efb8efc38518670e3e848481661b9714bb0664c1022b87e8f3c0773611fe10187b0bc588e2336ada0c musl-fix-includes.patch
4ce674defc6da9f1da7d238a7727ea4058e3b10798dfdd9df606de777871cf3ab688acfba952cbdaa59c417928aed0e560c29d6a5965ceb72f47085aad83f251 CVE-2019-3840.patch"
From 7cfd1fbb1332ae5df678b9f41a62156cb2e88c73 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Fri, 4 Jan 2019 10:17:46 +0100
Subject: [PATCH] qemu: require reply from guest agent in qemuAgentGetInterfaces
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Since its introduction in commit 0977b8aa071 (released in v1.2.14)
qemuAgentGetInterfaces calls qemuAgentCommand with needReply=false,
which allows qemuAgentCommand to return 0 even when it did not get
any reply from the agent.
Set needReply to true, since we dereference it right after.
This can be hit if libvirt is waiting for an event from the agent
(e.g. shutdown) and the agent cannot reply in time (e.g. due to
the guest being shut down), as reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1663051
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
src/qemu/qemu_agent.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 0f4dae3..80b789b 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -2043,7 +2043,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
goto cleanup;
- if (qemuAgentCommand(mon, cmd, &reply, false,
+ if (qemuAgentCommand(mon, cmd, &reply, true,
VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
goto cleanup;
--
1.7.1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment