From ${URL} : A path traversal vulnerability allowing libvirtd process to write arbitrary files on file system using root permissions was found. The user with storage_vol:create ACL permission can exploit this vulnerability without the need of having write access to the libvirtd connection (domain:write permission). commit fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
tamiko: If you get to this before I fix my Gentoo committing machine, 1.3.0 does not have this fix. Its a post 1.3.0 fix so when you bump to 1.3.0 just make sure to grab the patch.
Arches, please stabilize app-emulation/libvirt-1.2.21-r1 Target-keywords: amd64, x86 @Doug: I will wait for a bump for 1.3.0 for a tagged minor version bump from upstream (containing the patch). commit 7230e64625a7b356b43335ce7cadb321a0b7cb16 Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Dec 22 00:13:56 2015 -0600 app-emulation/libvirt: remove vuln. 1.2.(20|21) (CVE-2015-5313, bug #568870) This is a cleanup for CVE-2015-5313 bug 568870. Gentoo-Bugs: 568870 Package-Manager: portage-2.2.26 commit c8308f11262b27472963c980f11f980f795f3d52 Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Dec 22 00:12:19 2015 -0600 dev-python/libvirt-python: remove 1.2.20 and 1.2.21 (bug #568870) This is a cleanup for CVE-2015-5313 bug 568870. Gentoo-Bugs: 568870 Package-Manager: portage-2.2.26 commit 6420c69559c3b40f127215bb0c3e8a8556b6fefa Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Dec 22 00:09:46 2015 -0600 app-emulation/libvirt: security fix for 1.2.21 (CVE-2015-5313, bug #568870) Apply fix for CVE-2015-5313 to 1.2.21: A path-traversal flaw was found in the way the libvirt daemon handled file-system names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. Gentoo-Bug: 568870 Package-Manager: portage-2.2.26
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
commit fee80067dca04cacb1a09290044fcbbadfdbd3cb Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Dec 22 10:07:19 2015 -0600 app-emulation/libvirt: remove vulnerable 1.2.18 (CVE-2015-5313, bug #568870) This is a cleanup for CVE-2015-5313 bug 568870. Gentoo-Bugs: 568870 Package-Manager: portage-2.2.26 commit ad61c216ab0aca87770e18351b4f478ce97d259c Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Dec 22 10:08:45 2015 -0600 dev-python/libvirt-python: remove 1.2.18 (bug #568870) This is a cleanup for CVE-2015-5313 bug 568870. Gentoo-Bugs: 568870 Package-Manager: portage-2.2.26
Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes New GLSA Request filed.
This issue was resolved and addressed in GLSA 201612-10 at https://security.gentoo.org/glsa/201612-10 by GLSA coordinator Aaron Bauman (b-man).
