Summary: | <app-emulation/libvirt-7.5.0: insufficient guest isolation with SELinux (CVE-2021-3631) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | michal.privoznik, sam, selinux, tamiko, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.com/libvirt/libvirt/-/issues/153 | ||
Whiteboard: | B4 [glsa+] | ||
Package list: |
app-emulation/libvirt-7.5.0 *
|
Runtime testing required: | --- |
Bug Depends on: | 812317 | ||
Bug Blocks: |
Description
John Helmert III
2021-07-01 14:15:16 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a3cc8f45694d05c69f0009f546798323a84fae9 commit 3a3cc8f45694d05c69f0009f546798323a84fae9 Author: Jonathan Davies <jpds@protonmail.com> AuthorDate: 2021-07-07 19:05:44 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-07-14 17:56:31 +0000 app-emulation/libvirt: Version updated to 7.5.0, with changes: * Use meson_feature for apparmor_profiles. * Updated minimum Xen version to 4.9.0. Bug: https://bugs.gentoo.org/799713 Signed-off-by: Jonathan Davies <jpds@protonmail.com> Signed-off-by: Joonas Niilola <juippis@gentoo.org> app-emulation/libvirt/Manifest | 2 + app-emulation/libvirt/libvirt-7.5.0.ebuild | 327 +++++++++++++++++++++++++++++ 2 files changed, 329 insertions(+) https://github.com/SELinuxProject/refpolicy/pull/395 needs to be merged into our policy packages before we stabilize this... or everything is going to break for users enforcing selinux. Unable to check for sanity:
> no match for package: app-emulation/libvirt-7.5.0
Since there's no ebuild for <libvirt-7.5.0 anymore can this be closed? (In reply to Michal Privoznik from comment #4) > Since there's no ebuild for <libvirt-7.5.0 anymore can this be closed? Needs GLSA. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=48e6804ed5fa75343b7496c1033000fda3741b42 commit 48e6804ed5fa75343b7496c1033000fda3741b42 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:42:10 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:24 +0000 [ GLSA 202210-06 ] libvirt: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/746119 Bug: https://bugs.gentoo.org/799713 Bug: https://bugs.gentoo.org/812317 Bug: https://bugs.gentoo.org/836128 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-06.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) GLSA released, all done! |