[libvirt] [PATCHv3 0/3] network: resolve CVE 2012-3411
Laine Stump
laine at laine.org
Wed Nov 28 17:54:07 UTC 2012
(This obsoletes the V2 patches I sent yesterday:
https://www.redhat.com/archives/libvir-list/2012-November/msg01216.html )
This patch series resolves the libvirt part of CVE 2012-3411:
https://bugzilla.redhat.com/show_bug.cgi?id=833033
Further details are in PATCH 3/3.
The changes from V1 to V3: (resulting from Doug Goldstein's review,
and a comment in the BZ record from the CVE reporter, David Woodhouse)
1) rework dnsmasqCapsRefresh() to create a new caps object if it's
given a NULL object (function now gets dnsmasqCapsPtr* instead of
dnsmasCapsPtr). This makes it possible to recover properly if dnsmasq
is installed after libvirtd has already been started.
2) Add the following before each run of dnsmasq:
virCommandAddEnvPassCommon(cmd);
virCommandClearCaps(cmd);
3) Fixed a missing space after comma :-)
4) remove empty if () { } around initial call to
dnsmasqCapsNewFromBinary() in bridge_driver.c
5) include FEC0::/10 as a "local" range when checking for private
addresses to allow in the absence of an updated dnsmasq.
More information about the libvir-list
mailing list