mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 12:50:22 +02:00
da0f1599ce
Backport a fix for CVE-2021-3667. The CVE discription: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094 Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|---|---|---|
| .. | ||
| ceph | ||
| cloud-init | ||
| dev86 | ||
| diod | ||
| fuse-overlayfs | ||
| hyperstart | ||
| images | ||
| iptables | ||
| ipxe | ||
| irqbalance | ||
| kvmtool | ||
| libibverbs | ||
| libvirt | ||
| libvmi | ||
| nagios | ||
| oath | ||
| seabios | ||
| upx | ||
| uxen | ||
| vgabios | ||
| xen | ||
| xvisor | ||