MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 12:50:22 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

libvirt: Security fix CVE-2019-3840

Browse Source 
Source: https://libvirt.org
MR: 97512
Type: Security Fix
Disposition: Backport from https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377
ChangeID: 6c662c67dd3cf6e0eba493b7b619db35f2e07d93
Description:

Fixes CVE-2019-3840

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This commit is contained in:
Armin Kuster 2019-05-31 22:14:52 -07:00 committed by Bruce Ashfield
parent 9b568b6ae1
commit bbc38dc9d6
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
recipes-extended/libvirt/libvirt/CVE-2019-3840.patch Normal file
View File

@ -0,0 +1,39 @@
From 9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377 Mon Sep 17 00:00:00 2001
From: John Ferlan <jferlan@redhat.com>
Date: Fri, 7 Sep 2018 16:01:27 -0400
Subject: [PATCH] qemu: Remove duplicated qemuAgentCheckError
Commit 5b3492fadb moved qemuAgentCheckError calls into
qemuAgentCommand for various reasons; however, subsequent
commit 0977b8aa0 adding a new command made call again
So let's just remove the duplicitous call from
qemuAgentGetInterfaces.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
Upstream-Status: Backport
CVE: CVE-2019-3840
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
src/qemu/qemu_agent.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
Index: libvirt-4.7.0/src/qemu/qemu_agent.c
===================================================================
--- libvirt-4.7.0.orig/src/qemu/qemu_agent.c
+++ libvirt-4.7.0/src/qemu/qemu_agent.c
@@ -1987,10 +1987,9 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
goto cleanup;
- if (qemuAgentCommand(mon, cmd, &reply, false, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
- qemuAgentCheckError(cmd, reply) < 0) {
+ if (qemuAgentCommand(mon, cmd, &reply, false,
+ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
goto cleanup;
- }
if (!(ret_array = virJSONValueObjectGet(reply, "return"))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",

1
recipes-extended/libvirt/libvirt_4.7.0.bb
View File

@ -36,6 +36,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
file://0001-ptest-Remove-Windows-1252-check-from-esxutilstest.patch \
file://configure.ac-search-for-rpc-rpc.h-in-the-sysroot.patch \
file://lxc_monitor-Avoid-AB-BA-lock-race.patch \
file://CVE-2019-3840.patch \
"
SRC_URI[libvirt.md5sum] = "38da6c33250dcbc0a6d68de5c758262b"