[libvirt] [PATCHv3 3/3] network: use dnsmasq --bind-dynamic when available

Laine Stump laine at laine.org
Thu Nov 29 20:10:40 UTC 2012


On 11/28/2012 06:32 PM, Eric Blake wrote:
>> This bug resolves CVE-2012-3411, which is described in the following
>> bugzilla report:
>>
>>   https://bugzilla.redhat.com/show_bug.cgi?id=833033
>>
>> The following report is specifically for libvirt on Fedora:
>>
>>   https://bugzilla.redhat.com/show_bug.cgi?id=874702
>>
>> In short, a dnsmasq instance run with the intention of listening for
>> DHCP/DNS requests only on a libvirt virtual network (which is
>> constructed using a Linux host bridge) would also answer queries sent
>> from outside the virtualization host.
>>
> <snip>
>
> It's always nice to fully explain things in the commit message,
> as you have done here - not only does it make the reviewer's job
> easier today, but down the road, it will make it much easier to
> answer what the CVE was all about and who is impacted (or more
> specifically, that default installation is NOT impacted).  Thanks
> for taking the time to write it up.
>
> ACK.  And let's get this in, so distros can start backporting
> the CVE fix for the sake of those people who ARE impacted.
>

Thanks! I've pushed the entire series. I suppose I should now get to the
backports...



