On Wed, Feb 07, 2018 at 09:58:21AM +0530, P J P wrote: > +-- On Mon, 5 Feb 2018, Daniel P. Berrangé wrote --+ > | From: Lubomir Rintel <lkundrak@xxxxx> > | > | At later point it might not be possible or even safe to use getaddrinfo(). It > | can in turn result in a load of NSS module. > | > | Notably, on a LXC container startup we may find ourselves with the guest > | filesystem already having replaced the host one. Loading a NSS module > | from the guest tree could allow a malicous guest to escape the > | confinement of its container environment because libvirt will not yet > | have locked it down. > | --- > | > | NB, we're still awaiting CVE allocation before pushing to git > > 'CVE-2018-6764' has been assigned to this issue by Mitre. Thanks, I have pushed this patch now Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
