[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCHv3 0/3] network: resolve CVE 2012-3411



(This obsoletes the V2 patches I sent yesterday: 
 https://www.redhat.com/archives/libvir-list/2012-November/msg01216.html )

This patch series resolves the libvirt part of CVE 2012-3411:

   https://bugzilla.redhat.com/show_bug.cgi?id=833033

Further details are in PATCH 3/3.

The changes from V1 to V3: (resulting from Doug Goldstein's review,
and a comment in the BZ record from the CVE reporter, David Woodhouse)

1) rework dnsmasqCapsRefresh() to create a new caps object if it's
   given a NULL object (function now gets dnsmasqCapsPtr* instead of
   dnsmasCapsPtr). This makes it possible to recover properly if dnsmasq
   is installed after libvirtd has already been started.

2) Add the following before each run of dnsmasq:

    virCommandAddEnvPassCommon(cmd);
    virCommandClearCaps(cmd);

3) Fixed a missing space after comma :-)

4) remove empty if () { } around initial call to
   dnsmasqCapsNewFromBinary() in bridge_driver.c

5) include FEC0::/10 as a "local" range when checking for private
   addresses to allow in the absence of an updated dnsmasq.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]