From nobody Wed May 14 15:05:10 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1520962167332657.24975700224;
 Tue, 13 Mar 2018 10:29:27 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id C357E883C3;
	Tue, 13 Mar 2018 17:29:25 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 8F15F7EA25;
	Tue, 13 Mar 2018 17:29:25 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4CA21180BAE5;
	Tue, 13 Mar 2018 17:29:25 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w2DHRncI005688 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 13 Mar 2018 13:27:50 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id C2F2B202322B; Tue, 13 Mar 2018 17:27:49 +0000 (UTC)
Received: from t460.redhat.com (unknown [10.33.36.27])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 53E8C2024CAB;
	Tue, 13 Mar 2018 17:27:49 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Tue, 13 Mar 2018 17:27:36 +0000
Message-Id: <20180313172737.24214-4-berrange@redhat.com>
In-Reply-To: <20180313172737.24214-1-berrange@redhat.com>
References: <20180313172737.24214-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH security-notice 3/4] LSN-2018-0003 / CVE-2018-6764
	- Insecure usage of NSS modules during container startup
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]);
 Tue, 13 Mar 2018 17:29:26 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 notices/2018/0003.xml | 269 ++++++++++++++++++++++++++++++++++++++++++++++=
++++
 1 file changed, 269 insertions(+)
 create mode 100644 notices/2018/0003.xml

diff --git a/notices/2018/0003.xml b/notices/2018/0003.xml
new file mode 100644
index 0000000..2c53626
--- /dev/null
+++ b/notices/2018/0003.xml
@@ -0,0 +1,269 @@
+<security-notice xmlns=3D"http://security.libvirt.org/xmlns/security-notic=
e/1.0">
+  <id>2018-0003</id>
+
+  <summary>Insecure usage of NSS modules during container startup</summary>
+
+  <description>
+    <![CDATA[During container startup it is possible that libvirt logging
+	     code will trigger a hostname lookup. This will in turn potentially
+	     cause GLibC to load various NSS modules from the container's
+	     root filesystem rather than the host's root filesystem. During this
+	     time the host's root filesystem is still accessible and fully
+	     writable]]>
+  </description>
+
+  <impact>
+    <![CDATA[A maliciously crafted NSS module in the container's root file=
system
+	     can exploit the host OS by writing content into the host's root
+	     filesystem]]>
+  </impact>
+
+  <workaround>
+    <![CDATA[There is no practical workaround]]>
+  </workaround>
+
+  <credits>
+    <reporter>
+      <name>Lubomir Rintel</name>
+      <email>lkundrak@v3.sk</email>
+    </reporter>
+    <patcher>
+      <name>Lubomir Rintel</name>
+      <email>lkundrak@v3.sk</email>
+    </patcher>
+    <patcher>
+      <name>Daniel P. Berrang=C3=A9</name>
+      <email>berrange@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180127</reported>
+    <published>20180207</published>
+    <fixed>20180207</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type=3D"CVE" id=3D"2018-6764"/>
+  </reference>
+
+  <product name=3D"libvirt">
+    <repository>libvirt.git</repository>
+
+    <branch>
+      <name>master</name>
+      <tag state=3D"vulnerable">v0.4.4</tag>
+      <tag state=3D"vulnerable">v0.4.6</tag>
+      <tag state=3D"vulnerable">v0.5.0</tag>
+      <tag state=3D"vulnerable">v0.5.1</tag>
+      <tag state=3D"vulnerable">v0.6.0</tag>
+      <tag state=3D"vulnerable">v0.6.1</tag>
+      <tag state=3D"vulnerable">v0.6.2</tag>
+      <tag state=3D"vulnerable">v0.6.3</tag>
+      <tag state=3D"vulnerable">v0.6.4</tag>
+      <tag state=3D"vulnerable">v0.6.5</tag>
+      <tag state=3D"vulnerable">v0.7.0</tag>
+      <tag state=3D"vulnerable">v0.7.1</tag>
+      <tag state=3D"vulnerable">v0.7.2</tag>
+      <tag state=3D"vulnerable">v0.7.3</tag>
+      <tag state=3D"vulnerable">v0.7.4</tag>
+      <tag state=3D"vulnerable">v0.7.5</tag>
+      <tag state=3D"vulnerable">v0.7.6</tag>
+      <tag state=3D"vulnerable">v0.7.7</tag>
+      <tag state=3D"vulnerable">v0.8.0</tag>
+      <tag state=3D"vulnerable">v0.8.1</tag>
+      <tag state=3D"vulnerable">v0.8.2</tag>
+      <tag state=3D"vulnerable">v0.8.3</tag>
+      <tag state=3D"vulnerable">v0.8.4</tag>
+      <tag state=3D"vulnerable">v0.8.5</tag>
+      <tag state=3D"vulnerable">v0.8.6</tag>
+      <tag state=3D"vulnerable">v0.8.7</tag>
+      <tag state=3D"vulnerable">v0.8.8</tag>
+      <tag state=3D"vulnerable">v0.9.0</tag>
+      <tag state=3D"vulnerable">v0.9.1</tag>
+      <tag state=3D"vulnerable">v0.9.2</tag>
+      <tag state=3D"vulnerable">v0.9.3</tag>
+      <tag state=3D"vulnerable">v0.9.4</tag>
+      <tag state=3D"vulnerable">v0.9.5</tag>
+      <tag state=3D"vulnerable">v0.9.6</tag>
+      <tag state=3D"vulnerable">v0.9.7</tag>
+      <tag state=3D"vulnerable">v0.9.8</tag>
+      <tag state=3D"vulnerable">v0.9.9</tag>
+      <tag state=3D"vulnerable">v0.9.10</tag>
+      <tag state=3D"vulnerable">v0.9.11</tag>
+      <tag state=3D"vulnerable">v0.9.12</tag>
+      <tag state=3D"vulnerable">v0.9.13</tag>
+      <tag state=3D"vulnerable">v0.10.0</tag>
+      <tag state=3D"vulnerable">v0.10.1</tag>
+      <tag state=3D"vulnerable">v0.10.2</tag>
+      <tag state=3D"vulnerable">v1.0.0</tag>
+      <tag state=3D"vulnerable">v1.0.1</tag>
+      <tag state=3D"vulnerable">v1.0.2</tag>
+      <tag state=3D"vulnerable">v1.0.3</tag>
+      <tag state=3D"vulnerable">v1.0.4</tag>
+      <tag state=3D"vulnerable">v1.0.5</tag>
+      <tag state=3D"vulnerable">v1.0.6</tag>
+      <tag state=3D"vulnerable">v1.1.0</tag>
+      <tag state=3D"vulnerable">v1.1.1</tag>
+      <tag state=3D"vulnerable">v1.1.2</tag>
+      <tag state=3D"vulnerable">v1.1.3</tag>
+      <tag state=3D"vulnerable">v1.1.4</tag>
+      <tag state=3D"vulnerable">v1.2.0</tag>
+      <tag state=3D"vulnerable">v1.2.1</tag>
+      <tag state=3D"vulnerable">v1.2.2</tag>
+      <tag state=3D"vulnerable">v1.2.3</tag>
+      <tag state=3D"vulnerable">v1.2.4</tag>
+      <tag state=3D"vulnerable">v1.2.5</tag>
+      <tag state=3D"vulnerable">v1.2.6</tag>
+      <tag state=3D"vulnerable">v1.2.7</tag>
+      <tag state=3D"vulnerable">v1.2.8</tag>
+      <tag state=3D"vulnerable">v1.2.9</tag>
+      <tag state=3D"vulnerable">v1.2.10</tag>
+      <tag state=3D"vulnerable">v1.2.11</tag>
+      <tag state=3D"vulnerable">v1.2.12</tag>
+      <tag state=3D"vulnerable">v1.2.13</tag>
+      <tag state=3D"vulnerable">v1.2.14</tag>
+      <tag state=3D"vulnerable">v1.2.15</tag>
+      <tag state=3D"vulnerable">v1.2.16</tag>
+      <tag state=3D"vulnerable">v1.2.17</tag>
+      <tag state=3D"vulnerable">v1.2.18</tag>
+      <tag state=3D"vulnerable">v1.2.19</tag>
+      <tag state=3D"vulnerable">v1.2.20</tag>
+      <tag state=3D"vulnerable">v1.2.21</tag>
+      <tag state=3D"vulnerable">v1.3.0</tag>
+      <tag state=3D"vulnerable">v1.3.1</tag>
+      <tag state=3D"vulnerable">v1.3.2</tag>
+      <tag state=3D"vulnerable">v1.3.3</tag>
+      <tag state=3D"vulnerable">v1.3.4</tag>
+      <tag state=3D"vulnerable">v1.3.5</tag>
+      <tag state=3D"vulnerable">v2.0.0</tag>
+      <tag state=3D"vulnerable">v2.1.0</tag>
+      <tag state=3D"vulnerable">v2.2.0</tag>
+      <tag state=3D"vulnerable">v2.3.0</tag>
+      <tag state=3D"vulnerable">v2.4.0</tag>
+      <tag state=3D"vulnerable">v2.5.0</tag>
+      <tag state=3D"vulnerable">v3.0.0</tag>
+      <tag state=3D"vulnerable">v3.1.0</tag>
+      <tag state=3D"vulnerable">v3.2.0</tag>
+      <tag state=3D"vulnerable">v3.3.0</tag>
+      <tag state=3D"vulnerable">v3.4.0</tag>
+      <tag state=3D"vulnerable">v3.5.0</tag>
+      <tag state=3D"vulnerable">v3.6.0</tag>
+      <tag state=3D"vulnerable">v3.7.0</tag>
+      <tag state=3D"vulnerable">v3.8.0</tag>
+      <tag state=3D"vulnerable">v3.9.0</tag>
+      <tag state=3D"vulnerable">v3.10.0</tag>
+      <tag state=3D"vulnerable">v4.0.0</tag>
+      <tag state=3D"fixed">v4.1.0</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+      <change state=3D"fixed">759b4d1b0fe5f4d84d98b99153dfa7ac289dd167</ch=
ange>
+      <change state=3D"fixed">c2dc6698c88fb591639e542c8ecb0076c54f3dfb</ch=
ange>
+    </branch>
+    <branch>
+      <name>v0.9.6-maint</name>
+      <tag state=3D"vulnerable">v0.9.6.1</tag>
+      <tag state=3D"vulnerable">v0.9.6.2</tag>
+      <tag state=3D"vulnerable">v0.9.6.3</tag>
+      <tag state=3D"vulnerable">v0.9.6.4</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v0.9.11-maint</name>
+      <tag state=3D"vulnerable">v0.9.11.1</tag>
+      <tag state=3D"vulnerable">v0.9.11.2</tag>
+      <tag state=3D"vulnerable">v0.9.11.3</tag>
+      <tag state=3D"vulnerable">v0.9.11.4</tag>
+      <tag state=3D"vulnerable">v0.9.11.5</tag>
+      <tag state=3D"vulnerable">v0.9.11.6</tag>
+      <tag state=3D"vulnerable">v0.9.11.7</tag>
+      <tag state=3D"vulnerable">v0.9.11.8</tag>
+      <tag state=3D"vulnerable">v0.9.11.9</tag>
+      <tag state=3D"vulnerable">v0.9.11.10</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v0.9.12-maint</name>
+      <tag state=3D"vulnerable">v0.9.12.1</tag>
+      <tag state=3D"vulnerable">v0.9.12.2</tag>
+      <tag state=3D"vulnerable">v0.9.12.3</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v0.10.2-maint</name>
+      <tag state=3D"vulnerable">v0.10.2.1</tag>
+      <tag state=3D"vulnerable">v0.10.2.2</tag>
+      <tag state=3D"vulnerable">v0.10.2.3</tag>
+      <tag state=3D"vulnerable">v0.10.2.4</tag>
+      <tag state=3D"vulnerable">v0.10.2.5</tag>
+      <tag state=3D"vulnerable">v0.10.2.6</tag>
+      <tag state=3D"vulnerable">v0.10.2.7</tag>
+      <tag state=3D"vulnerable">v0.10.2.8</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v1.0.5-maint</name>
+      <tag state=3D"vulnerable">v1.0.5.1</tag>
+      <tag state=3D"vulnerable">v1.0.5.2</tag>
+      <tag state=3D"vulnerable">v1.0.5.3</tag>
+      <tag state=3D"vulnerable">v1.0.5.4</tag>
+      <tag state=3D"vulnerable">v1.0.5.5</tag>
+      <tag state=3D"vulnerable">v1.0.5.6</tag>
+      <tag state=3D"vulnerable">v1.0.5.7</tag>
+      <tag state=3D"vulnerable">v1.0.5.8</tag>
+      <tag state=3D"vulnerable">v1.0.5.9</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v1.1.3-maint</name>
+      <tag state=3D"vulnerable">v1.1.3.1</tag>
+      <tag state=3D"vulnerable">v1.1.3.2</tag>
+      <tag state=3D"vulnerable">v1.1.3.3</tag>
+      <tag state=3D"vulnerable">v1.1.3.4</tag>
+      <tag state=3D"vulnerable">v1.1.3.5</tag>
+      <tag state=3D"vulnerable">v1.1.3.6</tag>
+      <tag state=3D"vulnerable">v1.1.3.7</tag>
+      <tag state=3D"vulnerable">v1.1.3.8</tag>
+      <tag state=3D"vulnerable">v1.1.3.9</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v1.2.9-maint</name>
+      <tag state=3D"vulnerable">v1.2.9.1</tag>
+      <tag state=3D"vulnerable">v1.2.9.2</tag>
+      <tag state=3D"vulnerable">v1.2.9.3</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v1.2.13-maint</name>
+      <tag state=3D"vulnerable">v1.2.13.1</tag>
+      <tag state=3D"vulnerable">v1.2.13.2</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v1.2.18-maint</name>
+      <tag state=3D"vulnerable">v1.2.18.1</tag>
+      <tag state=3D"vulnerable">v1.2.18.2</tag>
+      <tag state=3D"vulnerable">v1.2.18.3</tag>
+      <tag state=3D"vulnerable">v1.2.18.4</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v1.3.3-maint</name>
+      <tag state=3D"vulnerable">v1.3.3.1</tag>
+      <tag state=3D"vulnerable">v1.3.3.2</tag>
+      <tag state=3D"vulnerable">v1.3.3.3</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v2.2-maint</name>
+      <tag state=3D"vulnerable">v2.2.1</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+    <branch>
+      <name>v3.2-maint</name>
+      <tag state=3D"vulnerable">v3.2.1</tag>
+      <change state=3D"vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac10=
1</change>
+    </branch>
+  </product>
+
+</security-notice>
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list