Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 812317 (CVE-2021-3667) - <app-emulation/libvirt-7.7.0: unlock pool objects on ACL check failures
Summary: <app-emulation/libvirt-7.7.0: unlock pool objects on ACL check failures
Status: RESOLVED FIXED
Alias: CVE-2021-3667
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 817929
Blocks: CVE-2021-3631
  Show dependency tree
 
Reported: 2021-09-09 19:04 UTC by Jonathan Davies
Modified: 2022-10-16 14:58 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Davies 2021-09-09 19:04:55 UTC 
CVE-2021-3667:
| https://libvirt.org/news.html
| storage: Unlock pool objects on ACL check failures in
| storagePoolLookupByTargetPath (CVE-2021-3667)
|
| A logic bug in storagePoolLookupByTargetPath where the storage pool
| object was left locked after a failure of the ACL check could potentially
| deprive legitimate users access to a storage pool object by users who don't
| have access.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-09 19:46:01 UTC 
Thanks for reporting! Maintainers, please bump.
Comment 2 Larry the Git Cow gentoo-dev 2021-09-10 15:32:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81e9174865c0134c98c143516861e8eb07cac289

commit 81e9174865c0134c98c143516861e8eb07cac289
Author:     Jonathan Davies <jpds@protonmail.com>
AuthorDate: 2021-09-10 13:55:41 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2021-09-10 15:31:48 +0000

    app-emulation/libvirt: Version updated to 7.7.0.
    
    Bug: https://bugs.gentoo.org/812317
    
    Signed-off-by: Jonathan Davies <jpds@protonmail.com>
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/libvirt/Manifest             |   2 +
 app-emulation/libvirt/libvirt-7.7.0.ebuild | 327 +++++++++++++++++++++++++++++
 2 files changed, 329 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 17:56:59 UTC 
Thanks! Please file a stablereq when ready.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-16 14:48:49 UTC 
Please cleanup
Comment 5 Jonathan Davies 2021-10-18 21:56:59 UTC 
This is blocked on https://github.com/perfinion/hardened-refpolicy/commit/f04ea627a99d4b6650f22da3ac0a4e4a97b34b63 being stabilized into the policy packages as if it's not present with the newer libvirt version - everything breaks for enforcing users.
Comment 6 Larry the Git Cow gentoo-dev 2022-01-04 16:33:56 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef3fbdc9009cda15df509eee2ac0bcdd187155ec

commit ef3fbdc9009cda15df509eee2ac0bcdd187155ec
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2022-01-04 16:30:08 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2022-01-04 16:32:01 +0000

    app-emulation/libvirt: drop old versions
    
    Bug: https://bugs.gentoo.org/812317
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/libvirt/Manifest                     |  16 -
 .../libvirt/files/libvirt-6.7.0-doc-path.patch     |   9 -
 .../libvirt-7.0.0-fix_virtproxyd_unit_file.patch   |  18 --
 ...ix-virCgroupKillRecursive-wrt-nested-cont.patch | 189 -----------
 app-emulation/libvirt/libvirt-7.0.0-r4.ebuild      | 348 ---------------------
 app-emulation/libvirt/libvirt-7.1.0-r2.ebuild      | 335 --------------------
 app-emulation/libvirt/libvirt-7.2.0-r2.ebuild      | 329 -------------------
 app-emulation/libvirt/libvirt-7.3.0-r1.ebuild      | 326 -------------------
 app-emulation/libvirt/libvirt-7.4.0-r1.ebuild      | 327 -------------------
 app-emulation/libvirt/libvirt-7.5.0-r1.ebuild      | 327 -------------------
 app-emulation/libvirt/libvirt-7.8.0-r1.ebuild      | 336 --------------------
 app-emulation/libvirt/libvirt-7.9.0-r2.ebuild      | 337 --------------------
 12 files changed, 2897 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9524493ee1d1222de324d949e0829a10798f8b7

commit e9524493ee1d1222de324d949e0829a10798f8b7
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2022-01-04 16:28:55 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2022-01-04 16:28:55 +0000

    dev-python/libvirt-python: drop old versions
    
    Bug: https://bugs.gentoo.org/812317
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 dev-python/libvirt-python/Manifest                 | 16 -------
 .../libvirt-python/libvirt-python-7.0.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.1.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.2.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.3.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.4.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.5.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.8.0.ebuild     | 51 ----------------------
 .../libvirt-python/libvirt-python-7.9.0.ebuild     | 51 ----------------------
 9 files changed, 424 deletions(-)
Comment 7 Michal Privoznik 2022-04-07 19:45:00 UTC 
Since there's no ebuild for <libvirt-7.7.0 can this be closed?
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 13:47:37 UTC 
(In reply to Michal Privoznik from comment #7)
> Since there's no ebuild for <libvirt-7.7.0 can this be closed?

Needs GLSA.
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 03:24:51 UTC 
GLSA request filed
Comment 10 Larry the Git Cow gentoo-dev 2022-10-16 14:46:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=48e6804ed5fa75343b7496c1033000fda3741b42

commit 48e6804ed5fa75343b7496c1033000fda3741b42
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:42:10 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:24 +0000

    [ GLSA 202210-06 ] libvirt: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/746119
    Bug: https://bugs.gentoo.org/799713
    Bug: https://bugs.gentoo.org/812317
    Bug: https://bugs.gentoo.org/836128
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-06.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-16 14:57:57 UTC 
GLSA released, all done!