External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-11 15:27:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
13,412 Commits 67 Branches 630 Tags 885 MiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%
67a2f4c6d8
Go to file
Daniel P. Berrange 67a2f4c6d8 Crash of libvirtd by unprivileged user in virConnectListAllInterfaces 
On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
> Hi Security Team,
>
> I've discovered a way for an unprivileged user with a readonly connection
> to libvirtd, to crash the daemon.

Ok, the final patch for this is issue will be the simpler variant that
Eric suggested

The embargo can be considered to be lifted on Monday July 1st, at
0900 UTC

The following is the GIT change that DV or myself will apply to libvirt
GIT master immediately before the 1.1.0 release:

>From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 28 Jun 2013 10:48:37 +0100
Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
 filters

The virConnectListAllInterfaces method has a double-free of the
'struct netcf_if' object when any of the filtering flags cause
an interface to be skipped over. For example when running the
command 'virsh iface-list --inactive'

This is a regression introduced in release 1.0.6 by

  commit 7ac2c4fe62
  Author: Guannan Ren <gren@redhat.com>
  Date:   Tue May 21 21:29:38 2013 +0800

    interface: list all interfaces with flags == 0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 244e0b8cf1)
2013-07-01 11:48:41 +01:00
.gnulib@a363f4ed4a build: update to latest gnulib, for syntax-check 2013-05-10 20:52:57 -06:00
build-aux syntax-check: mandate space after mid-line semicolon 2013-05-28 08:26:05 -06:00
daemon build: cast [ug]id_t when printing 2013-05-30 10:36:16 -06:00
docs Release of libvirt 1.0.6 2013-06-03 12:09:56 +02:00
examples syntax: prefer space after semicolon in for loop 2013-05-28 07:56:07 -06:00
gnulib maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
include Change virConnectDomainEventGraphicsCallback signature 2013-05-22 18:53:59 +02:00
m4 FreeBSD: disable buggy -fstack-protector-all 2013-05-15 15:20:52 -06:00
po Release of libvirt 1.0.6 2013-06-03 12:09:56 +02:00
python syntax: prefer space after semicolon in for loop 2013-05-28 07:56:07 -06:00
src Crash of libvirtd by unprivileged user in virConnectListAllInterfaces 2013-07-01 11:48:41 +01:00
tests Storage: Fix the indention of rbd test file 2013-06-03 11:20:01 +08:00
tools virsh: edit: don't leak XML string on reedit or redefine 2013-06-26 17:20:40 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
autobuild.sh Set PKG_CONFIG_LIBDIR in autobuild.sh 2013-05-17 17:09:29 +01:00
autogen.sh build: fix incremental autogen.sh when no AUTHORS is present 2012-12-03 14:59:09 -07:00
bootstrap maint: update to latest gnulib 2013-05-08 14:54:04 -06:00
bootstrap.conf Include GNULIB mkdtemp module 2013-05-17 17:09:29 +01:00
cfg.mk syntax: fix broken error message in previous patch 2013-05-28 09:52:03 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac Release of libvirt 1.0.6 2013-06-03 12:09:56 +02:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
HACKING syntax-check: mandate space after mid-line semicolon 2013-05-28 08:26:05 -06:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in spec: Explicitly require libgcrypt-devel 2013-06-03 10:16:13 -06:00
Makefile.am maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
mingw-libvirt.spec.in test: Return Libvirt logo as domain screenshot 2013-04-02 14:38:56 +02:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>