[libvirt] [PATCHv3 3/3] network: use dnsmasq --bind-dynamic when available

Eric Blake eblake at redhat.com
Wed Nov 28 23:32:31 UTC 2012


> This bug resolves CVE-2012-3411, which is described in the following
> bugzilla report:
> 
>   https://bugzilla.redhat.com/show_bug.cgi?id=833033
> 
> The following report is specifically for libvirt on Fedora:
> 
>   https://bugzilla.redhat.com/show_bug.cgi?id=874702
> 
> In short, a dnsmasq instance run with the intention of listening for
> DHCP/DNS requests only on a libvirt virtual network (which is
> constructed using a Linux host bridge) would also answer queries sent
> from outside the virtualization host.
> 
<snip>

It's always nice to fully explain things in the commit message,
as you have done here - not only does it make the reviewer's job
easier today, but down the road, it will make it much easier to
answer what the CVE was all about and who is impacted (or more
specifically, that a default installation is NOT impacted).  Thanks
for taking the time to write it up.

ACK.  And let's get this in, so distros can start backporting
the CVE fix for the sake of those people who ARE impacted.



