Hello community,

here is the log from the commit of package libvirt for openSUSE:11.4
checked in at Tue Jun 14 18:25:57 CEST 2011.



--------
--- old-versions/11.4/UPDATES/all/libvirt/libvirt.changes       2011-04-06 
17:48:05.000000000 +0200
+++ 11.4/libvirt/libvirt.changes        2011-06-06 19:28:47.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Jun  6 11:23:13 MDT 2011 - jfeh...@suse.de
+
+- VUL-0: libvirt: regression introduced in disk probe
+  b598ac55-CVE-2011-2178.patch
+  bnc#697904
+
+-------------------------------------------------------------------
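Review bot: the entry "VUL-0: libvirt: regression introduced in disk probe" names the problem but not what this update does about it. I'd word it as a fix ("fix regression in disk probe logic") and add that it restores the disk-probing protection from CVE-2010-2238, which the patch's own commit message gives as the impact, so that someone reading only libvirt.changes can judge the urgency.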

calling whatdependson for 11.4-i586


New:
----
  b598ac55-CVE-2011-2178.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libvirt.spec ++++++
--- /var/tmp/diff_new_pack.KfWfsG/_old  2011-06-14 18:25:06.000000000 +0200
+++ /var/tmp/diff_new_pack.KfWfsG/_new  2011-06-14 18:25:06.000000000 +0200
@@ -145,7 +145,7 @@
 Group:          Development/Libraries/C and C++
 AutoReqProv:    yes
 Version:        0.8.8
-Release:        0.<RELEASE8>
+Release:        0.<RELEASE10>
 Summary:        A C toolkit to interract with the virtualization capabilities 
of Linux
 # The client side, i.e. shared libs and virsh are in a subpackage
 Requires:       %{name}-client = %{version}-%{release}
@@ -172,6 +172,7 @@
 Patch0:         efc2594b-boot-param.patch
 Patch1:         71753cb7-CVE-2011-1146.patch
 Patch2:         f44bfb7f-CVE-2011-1486.patch
+Patch3:         b598ac55-CVE-2011-2178.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch102:       clone.patch
@@ -289,6 +290,7 @@
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 %patch100 -p1
 %patch102
 %patch103 -p1

++++++ b598ac55-CVE-2011-2178.patch ++++++
commit b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
Author: Eric Blake <ebl...@redhat.com>
Date:   Thu May 26 08:18:46 2011 -0600

    security: plug regression introduced in disk probe logic
    
    Regression introduced in commit d6623003 (v0.8.8) - using the
    wrong sizeof operand meant that security manager private data
    was overlaying the allowDiskFormatProbing member of struct
    _virSecurityManager.  This reopens disk probing, which was
    supposed to be prevented by the solution to CVE-2010-2238.
    
    * src/security/security_manager.c
    (virSecurityManagerGetPrivateData): Use correct offset.

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 0246dd8..6f0becd 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char 
*name,
 
 void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
 {
-    return ((char*)mgr) + sizeof(mgr);
+    /* This accesses the memory just beyond mgr, which was allocated
+     * via VIR_ALLOC_VAR earlier.  */
+    return mgr + 1;
 }
 
 
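Review bot: the new comment above `return mgr + 1;` says the memory was allocated via VIR_ALLOC_VAR "earlier" without naming the function or stating the invariant the code depends on. The removed line shows how easily `sizeof(mgr)` gets written where `sizeof(*mgr)` was meant, so I'd spell it out in the comment (private data starts exactly one struct past mgr, matching the size passed at allocation) and add a regression test that checks allowDiskFormatProbing is unchanged after a driver writes its private data.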

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
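
The sizeof mistake described in the commit message of b598ac55-CVE-2011-2178.patch, as an added example that is not part of the original mail or of libvirt's code. `struct sec_mgr`, the helper names and the 0xff "driver" write are assumptions for illustration; only the two return expressions are taken from the hunk.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for struct _virSecurityManager; this layout is an
 * assumption for illustration, not copied from libvirt. */
struct sec_mgr {
    const void *drv;             /* driver pointer */
    int allowDiskFormatProbing;  /* policy flag named in the commit message */
};

/* Expression removed by the patch: sizeof(mgr) is the size of a pointer,
 * so the result lands inside the struct, not after it. */
static void *private_data_buggy(struct sec_mgr *mgr)
{
    return ((char *)mgr) + sizeof(mgr);
}

/* Expression added by the patch: one whole struct past mgr. */
static void *private_data_fixed(struct sec_mgr *mgr)
{
    return mgr + 1;
}

/* Allocate header plus private_len trailing bytes, forbid probing, let a
 * hypothetical driver fill its private data, then report the flag. */
static int probing_allowed_after_init(int use_fixed, size_t private_len)
{
    struct sec_mgr *mgr = calloc(1, sizeof(*mgr) + private_len);
    int allowed;

    if (!mgr)
        return -1;
    mgr->allowDiskFormatProbing = 0;
    memset(use_fixed ? private_data_fixed(mgr) : private_data_buggy(mgr),
           0xff, private_len);
    allowed = mgr->allowDiskFormatProbing != 0;
    free(mgr);
    return allowed;
}

int main(void)
{
    printf("old expression: probing allowed = %d\n",
           probing_allowed_after_init(0, 16));
    printf("new expression: probing allowed = %d\n",
           probing_allowed_after_init(1, 16));
    return 0;
}
```

With the old expression the driver's private bytes overwrite the flag, so a manager created with probing disabled reports it as enabled; with `mgr + 1` the flag keeps the value it was given.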
