(This obsoletes the V2 patches I sent yesterday: https://www.redhat.com/archives/libvir-list/2012-November/msg01216.html ) This patch series resolves the libvirt part of CVE 2012-3411: https://bugzilla.redhat.com/show_bug.cgi?id=833033 Further details are in PATCH 3/3. The changes from V1 to V3: (resulting from Doug Goldstein's review, and a comment in the BZ record from the CVE reporter, David Woodhouse) 1) rework dnsmasqCapsRefresh() to create a new caps object if it's given a NULL object (function now gets dnsmasqCapsPtr* instead of dnsmasCapsPtr). This makes it possible to recover properly if dnsmasq is installed after libvirtd has already been started. 2) Add the following before each run of dnsmasq: virCommandAddEnvPassCommon(cmd); virCommandClearCaps(cmd); 3) Fixed a missing space after comma :-) 4) remove empty if () { } around initial call to dnsmasqCapsNewFromBinary() in bridge_driver.c 5) include FEC0::/10 as a "local" range when checking for private addresses to allow in the absence of an updated dnsmasq. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list