20 Jun
2019
20 Jun
'19
9:02 p.m.
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 6355f497ce..50767a75ed 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -11367,6 +11367,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, virResetLastError(); virCheckConnectReturn(conn, NULL); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectGetDomainCapabilities) { char *ret; -- 2.20.1