libvirt: fix CVE-2021-3667 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	Xu, Yanfei <yanfei.xu@windriver.com>	2021-11-23 15:50:31 +0800
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2021-11-24 16:57:20 -0500
commit	da0f1599ce3e001c809a2ddb9d0a1c75491dda94 (patch)
tree	b09785bcecdee3b994238c3f9aa3ed1a52d143da /recipes-networking/openvswitch/files/python-switch-remaining-scripts-to-use-python3.patch
parent	9148b795f3b5a383c680ec6c3fae376d40d5265f (diff)
download	meta-virtualization-da0f1599ce3e001c809a2ddb9d0a1c75491dda94.tar.gz

libvirt: fix CVE-2021-3667

Backport a fix for CVE-2021-3667. The CVE discription: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094 Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'recipes-networking/openvswitch/files/python-switch-remaining-scripts-to-use-python3.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: