MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 12:50:22 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
da0f1599ce
meta-virtualization/recipes-extended/libvirt
History
Xu, Yanfei da0f1599ce libvirt: fix CVE-2021-3667 
Backport a fix for CVE-2021-3667.

The CVE discription: An improper locking issue was found in the
virStoragePoolLookupByTargetPath API of libvirt. It occurs in the
storagePoolLookupByTargetPath function where a locked virStoragePoolObj
object is not properly released on ACL permission failure. Clients
connecting to the read-write socket with limited ACL permissions could
use this flaw to acquire the lock and prevent other users from accessing
storage pool/volume APIs, resulting in a denial of service condition.
The highest threat from this vulnerability is to system availability.

Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094

Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2021-11-24 16:57:20 -05:00
..
libvirt libvirt: fix CVE-2021-3667 2021-11-24 16:57:20 -05:00
libvirt_7.2.0.bb libvirt: fix CVE-2021-3667 2021-11-24 16:57:20 -05:00
libvirt-python.inc global: overrides syntax conversion 2021-08-02 17:17:53 -04:00
README libvirt: libvirtd: Facilitate using tls connection mode 2019-07-16 19:41:05 +00:00

README

libvirt default connection mode between client(where for example virsh runs) and server(where libvirtd runs) is tls which requires keys and certificates for certificate authority, client and server to be properly generated and deployed. Otherwise, servers and clients cannot be connected.

recipes-extended/libvirt/libvirt/gnutls-help.py is provided to help generate required keys and certificates.

Usage: gnutls-help.py [-a|--ca-info] <ca.info> [-b|--server-info] <server.info> [-c|--client-info] <client.info> If ca.info or server.info or client.info is not provided, a corresponding sample file will be generated.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! "ip_address" field of server.info must be IP address of the server. !! !! For more details, please refer to: !! !! https://libvirt.org/remote.html#Remote_certificates !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Please deploy cacert.pem to CA and server and client /etc/pki/CA/cacert.pem Please deploy serverkey.pem to server /etc/pki/libvirt/private/serverkey.pem Please deploy servercert.pem to server /etc/pki/libvirt/servercert.pem Please deploy clientkey.pem to client /etc/pki/libvirt/private/clientkey.pem Please deploy clientcert.pem to client /etc/pki/libvirt/clientcert.pem"

For more details please refer to libvirt official document, https://libvirt.org/remote.html#Remote_certificates