Re: [libvirt] [PATCH] virlog: determine the hostname on startup CVE-2018-XXX
On Wed, Feb 07, 2018 at 09:58:21AM +0530, P J P wrote:
+-- On Mon, 5 Feb 2018, Daniel P. Berrangé wrote --+
| From: Lubomir Rintel <lkundrak(a)v3.sk>
|
| At later point it might not be possible or even safe to use getaddrinfo(). It
| can in turn result in a load of NSS module.
|
| Notably, on a LXC container startup we may find ourselves with the guest
| filesystem already having replaced the host one. Loading a NSS module
| from the guest tree could allow a malicous guest to escape the
| confinement of its container environment because libvirt will not yet
| have locked it down.
| ---
|
| NB, we're still awaiting CVE allocation before pushing to git
'CVE-2018-6764' has been assigned to this issue by Mitre.
Thanks, I have pushed this patch now
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|