meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch
Armin Kuster 7685c7d415 libvirt: 9 Security fixes plus
Source: libvirt.org
MR: 98352, 99240, 99137, 99245, 99132
Type: Security Fix
Disposition: Backport from https://libvirt.org/git/?p=libvirt.git;a=log;h=refs/heads/v4.7-maint
ChangeID: 95f822542723d4bf910c1b4159e1431d7d46c969
Description:

Update to 4.7 maint tip all bug fixes.
Includes:
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091
CVE-2019-10132
CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-10168

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-09 13:27:09 -04:00


From 030fdf57255f97289a407529194bf26c77548acb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 30 Apr 2019 17:27:41 +0100
Subject: [PATCH 07/11] logging: restrict sockets to mode 0600
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The virtlogd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
Upstream-Status: Backport
CVE: CVE-2019-10132
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
src/logging/virtlogd-admin.socket.in | 1 +
src/logging/virtlogd.socket.in | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
index 595e6c4..5c41dfe 100644
--- a/src/logging/virtlogd-admin.socket.in
+++ b/src/logging/virtlogd-admin.socket.in
@@ -5,6 +5,7 @@ Before=libvirtd.service
[Socket]
ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
Service=virtlogd.service
+SocketMode=0600
[Install]
WantedBy=sockets.target
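Review bot: The rationale in the commit message only covers the main socket, yet this hunk applies `SocketMode=0600` to `virtlogd-admin-sock` as well. The message says virtlogd's only intended client is libvirtd, but it does not say who is expected to connect to the admin socket or whether any of those clients run as a different user. Please add a sentence naming the intended admin clients and confirming that none of them depended on the previous, looser mode, so the restriction here is documented as deliberate rather than copied over from the other unit.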
diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
index 22b9360..ae48cda 100644
--- a/src/logging/virtlogd.socket.in
+++ b/src/logging/virtlogd.socket.in
@@ -4,6 +4,7 @@ Before=libvirtd.service
[Socket]
ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
+SocketMode=0600
[Install]
WantedBy=sockets.target
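Review bot: The new `SocketMode=0600` line under `[Socket]` depends on who owns the socket, and this unit sets neither `SocketUser=` nor `SocketGroup=`, so the restriction rests on systemd's default ownership matching the account libvirtd runs as. Consider stating that assumption in the commit message, or pinning the owner explicitly next to the mode, so a later drop-in that changes one without the other is easier to spot. The diffstat shows only the two `.socket.in` files are touched, so it would also help to say whether the case where virtlogd creates `virtlogd-sock` itself, without socket activation, is handled elsewhere in this 11-patch series.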
--
2.7.4