[libvirt] [PATCH] virlog: determine the hostname on startup CVE-2018-XXX
Daniel P. Berrangé
berrange at redhat.com
Wed Feb 7 13:13:04 UTC 2018
On Wed, Feb 07, 2018 at 09:58:21AM +0530, P J P wrote:
> +-- On Mon, 5 Feb 2018, Daniel P. Berrangé wrote --+
> | From: Lubomir Rintel <lkundrak at v3.sk>
> |
> | At later point it might not be possible or even safe to use getaddrinfo(). It
> | can in turn result in a load of NSS module.
> |
> | Notably, on a LXC container startup we may find ourselves with the guest
> | filesystem already having replaced the host one. Loading a NSS module
> | from the guest tree could allow a malicous guest to escape the
> | confinement of its container environment because libvirt will not yet
> | have locked it down.
> | ---
> |
> | NB, we're still awaiting CVE allocation before pushing to git
>
> 'CVE-2018-6764' has been assigned to this issue by Mitre.
Thanks, I have pushed this patch now
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list