Laine Stump laine at laine.org
Wed Nov 28 17:54:07 UTC 2012

(This obsoletes the V2 patches I sent yesterday: 
 https://www.redhat.com/archives/libvir-list/2012-November/msg01216.html )

This patch series resolves the libvirt part of CVE 2012-3411:


Further details are in PATCH 3/3.

The changes from V1 to V3: (resulting from Doug Goldstein's review,
and a comment in the BZ record from the CVE reporter, David Woodhouse)

1) rework dnsmasqCapsRefresh() to create a new caps object if it's
   given a NULL object (function now gets dnsmasqCapsPtr* instead of
   dnsmasqCapsPtr). This makes it possible to recover properly if dnsmasq
   is installed after libvirtd has already been started.

2) Add the following before each run of dnsmasq:


3) Fixed a missing space after comma :-)

4) remove empty if () { } around initial call to
   dnsmasqCapsNewFromBinary() in bridge_driver.c

5) include FEC0::/10 as a "local" range when checking for private
   addresses to allow in the absence of an updated dnsmasq.

