Re: [PATCH] virlog: determine the hostname on startup CVE-2018-XXX

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 07, 2018 at 09:58:21AM +0530, P J P wrote:
> +-- On Mon, 5 Feb 2018, Daniel P. Berrangé wrote --+
> | From: Lubomir Rintel <lkundrak@xxxxx>
> | 
> | At later point it might not be possible or even safe to use getaddrinfo(). It
> | can in turn result in a load of NSS module.
> | 
> | Notably, on a LXC container startup we may find ourselves with the guest
> | filesystem already having replaced the host one. Loading a NSS module
> | from the guest tree could allow a malicous guest to escape the
> | confinement of its container environment because libvirt will not yet
> | have locked it down.
> | ---
> | 
> | NB, we're still awaiting CVE allocation before pushing to git
> 
> 'CVE-2018-6764' has been assigned to this issue by Mitre.

Thanks, I have pushed this patch now


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux