[libvirt] [PATCH security-notice 0/4] Add missing security notices

This provides the security notices we've had so far in 2018 and a script to make future ones easier to create. Daniel P. Berrangé (4): LSN-2018-0001 / CVE-2017-5715 - Spectre variant 2 branch target injection LSN-2018-0002 / CVE-2018-5748 - QEMU monitor denial of service LSN-2018-0003 / CVE-2018-6764 - Insecure usage of NSS modules during container startup Add a script for generating a list of vulnerable tags & branches notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++ notices/2018/0002.xml | 274 +++++++++++++++++++++++++++++++++++++ notices/2018/0003.xml | 269 +++++++++++++++++++++++++++++++++++++ scripts/report-vulnerable-tags.pl | 108 +++++++++++++++ 4 files changed, 927 insertions(+) create mode 100644 notices/2018/0001.xml create mode 100644 notices/2018/0002.xml create mode 100644 notices/2018/0003.xml create mode 100644 scripts/report-vulnerable-tags.pl -- 2.14.3

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 276 insertions(+) create mode 100644 notices/2018/0001.xml diff --git a/notices/2018/0001.xml b/notices/2018/0001.xml new file mode 100644 index 0000000..9acb303 --- /dev/null +++ b/notices/2018/0001.xml 
@@ -0,0 +1,276 @@ +<security-notice xmlns="http://security.libvirt.org/xmlns/security-notice/1.0"> + <id>2018-0001</id> + + <summary>Spectre variant 2 branch target injection</summary> + + <description> + <![CDATA[This is not a vulnerability in libvirt, rather it is + a set of changes in libvirt to enable mitigation of + the Spectre hardware flaws by providing extra CPU + models with the "spec-ctrl" feature . Refer to https://spectreattack.com/ + for further backend information.]]> + </description> + + <credits> + <reporter> + <name>Paolo Bonzini</name> + <email>pbonzini@redhat.com</email> + </reporter> + <patcher> + <name>Paolo Bonzini</name> + <email>pbonzini@redhat.com</email> + </patcher> + <patcher> + <name>Jiri Denemark</name> + <email>jdenemar@redhat.com</email> + </patcher> + </credits> + + <lifecycle> + <reported>20171212</reported> + <published>20180105</published> + <fixed>20180118</fixed> + </lifecycle> + + <reference> + <advisory type="CVE" id="2017-5715"/> + </reference> + + <product name="libvirt"> + <repository>libvirt.git</repository> + <branch> + <name>master</name> + <tag state="vulnerable">v0.2.0</tag> + <tag state="vulnerable">v0.2.1</tag> + <tag state="vulnerable">v0.2.2</tag> + <tag state="vulnerable">v0.2.3</tag> + <tag state="vulnerable">v0.3.0</tag> + <tag state="vulnerable">v0.3.1</tag> + <tag state="vulnerable">v0.3.2</tag> + <tag state="vulnerable">v0.3.3</tag> + <tag state="vulnerable">v0.4.1</tag> + <tag state="vulnerable">v0.4.2</tag> + <tag state="vulnerable">v0.4.4</tag> + <tag state="vulnerable">v0.4.6</tag> + <tag state="vulnerable">v0.5.0</tag> + <tag state="vulnerable">v0.5.1</tag> + <tag state="vulnerable">v0.6.0</tag> + <tag state="vulnerable">v0.6.1</tag> + <tag state="vulnerable">v0.6.2</tag> + <tag state="vulnerable">v0.6.3</tag> + <tag state="vulnerable">v0.6.4</tag> + <tag state="vulnerable">v0.6.5</tag> + <tag state="vulnerable">v0.7.0</tag> + <tag state="vulnerable">v0.7.1</tag> + <tag state="vulnerable">v0.7.2</tag> + 
<tag state="vulnerable">v0.7.3</tag> + <tag state="vulnerable">v0.7.4</tag> + <tag state="vulnerable">v0.7.5</tag> + <tag state="vulnerable">v0.7.6</tag> + <tag state="vulnerable">v0.7.7</tag> + <tag state="vulnerable">v0.8.0</tag> + <tag state="vulnerable">v0.8.1</tag> + <tag state="vulnerable">v0.8.2</tag> + <tag state="vulnerable">v0.8.3</tag> + <tag state="vulnerable">v0.8.4</tag> + <tag state="vulnerable">v0.8.5</tag> + <tag state="vulnerable">v0.8.6</tag> + <tag state="vulnerable">v0.8.7</tag> + <tag state="vulnerable">v0.8.8</tag> + <tag state="vulnerable">v0.9.0</tag> + <tag state="vulnerable">v0.9.1</tag> + <tag state="vulnerable">v0.9.2</tag> + <tag state="vulnerable">v0.9.3</tag> + <tag state="vulnerable">v0.9.4</tag> + <tag state="vulnerable">v0.9.5</tag> + <tag state="vulnerable">v0.9.6</tag> + <tag state="vulnerable">v0.9.7</tag> + <tag state="vulnerable">v0.9.8</tag> + <tag state="vulnerable">v0.9.9</tag> + <tag state="vulnerable">v0.9.10</tag> + <tag state="vulnerable">v0.9.11</tag> + <tag state="vulnerable">v0.9.12</tag> + <tag state="vulnerable">v0.9.13</tag> + <tag state="vulnerable">v0.10.0</tag> + <tag state="vulnerable">v0.10.1</tag> + <tag state="vulnerable">v0.10.2</tag> + <tag state="vulnerable">v1.0.0</tag> + <tag state="vulnerable">v1.0.1</tag> + <tag state="vulnerable">v1.0.2</tag> + <tag state="vulnerable">v1.0.3</tag> + <tag state="vulnerable">v1.0.4</tag> + <tag state="vulnerable">v1.0.5</tag> + <tag state="vulnerable">v1.0.6</tag> + <tag state="vulnerable">v1.1.0</tag> + <tag state="vulnerable">v1.1.1</tag> + <tag state="vulnerable">v1.1.2</tag> + <tag state="vulnerable">v1.1.3</tag> + <tag state="vulnerable">v1.1.4</tag> + <tag state="vulnerable">v1.2.0</tag> + <tag state="vulnerable">v1.2.1</tag> + <tag state="vulnerable">v1.2.2</tag> + <tag state="vulnerable">v1.2.3</tag> + <tag state="vulnerable">v1.2.4</tag> + <tag state="vulnerable">v1.2.5</tag> + <tag state="vulnerable">v1.2.6</tag> + <tag state="vulnerable">v1.2.7</tag> + 
<tag state="vulnerable">v1.2.8</tag> + <tag state="vulnerable">v1.2.9</tag> + <tag state="vulnerable">v1.2.10</tag> + <tag state="vulnerable">v1.2.11</tag> + <tag state="vulnerable">v1.2.12</tag> + <tag state="vulnerable">v1.2.13</tag> + <tag state="vulnerable">v1.2.14</tag> + <tag state="vulnerable">v1.2.15</tag> + <tag state="vulnerable">v1.2.16</tag> + <tag state="vulnerable">v1.2.17</tag> + <tag state="vulnerable">v1.2.18</tag> + <tag state="vulnerable">v1.2.19</tag> + <tag state="vulnerable">v1.2.20</tag> + <tag state="vulnerable">v1.2.21</tag> + <tag state="vulnerable">v1.3.0</tag> + <tag state="vulnerable">v1.3.1</tag> + <tag state="vulnerable">v1.3.2</tag> + <tag state="vulnerable">v1.3.3</tag> + <tag state="vulnerable">v1.3.4</tag> + <tag state="vulnerable">v1.3.5</tag> + <tag state="vulnerable">v2.0.0</tag> + <tag state="vulnerable">v2.1.0</tag> + <tag state="vulnerable">v2.2.0</tag> + <tag state="vulnerable">v2.3.0</tag> + <tag state="vulnerable">v2.4.0</tag> + <tag state="vulnerable">v2.5.0</tag> + <tag state="vulnerable">v3.0.0</tag> + <tag state="vulnerable">v3.1.0</tag> + <tag state="vulnerable">v3.2.0</tag> + <tag state="vulnerable">v3.3.0</tag> + <tag state="vulnerable">v3.4.0</tag> + <tag state="vulnerable">v3.5.0</tag> + <tag state="vulnerable">v3.6.0</tag> + <tag state="vulnerable">v3.7.0</tag> + <tag state="vulnerable">v3.8.0</tag> + <tag state="vulnerable">v3.9.0</tag> + <tag state="vulnerable">v3.10.0</tag> + <tag state="vulnerable">v4.0.0</tag> + <tag state="fixed">v4.1.0</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + <change state="fixed">24d504396c3c05eff87d29173a224e2faaeb2637</change> + <change state="fixed">b2042020c32b74069fa5365b5e966537aaba8cf6</change> + <change state="fixed">7bb4ce9761dfbd1620ddffb26fbd6f0ff1fedf3f</change> + <change state="fixed">49bffcb3cc1850d332b9648c686a7be18de9e708</change> + <change state="fixed">7f83eefa9e6940c83579d31941efd07fab1b90c8</change> + <change 
state="fixed">7dd85ff62d7080b52d4d175f53ad5eb11cdcfb9c</change> + <change state="fixed">203c92e9cc2db854199b39ef3ffcc10406d3c59e</change> + <change state="fixed">30b381cfdd5e92e5afa6de09f0fe533353e71d07</change> + <change state="fixed">2e3b220a874e558e54678afd7cf49466fe605e09</change> + <change state="fixed">6b7e7d1cc24a28a9f5ece8626f807189647d14b4</change> + <change state="fixed">6d4a3cd42781babed7d29b061e220ebff24dd43e</change> + </branch> + <branch> + <name>v0.9.6-maint</name> + <tag state="vulnerable">v0.9.6.1</tag> + <tag state="vulnerable">v0.9.6.2</tag> + <tag state="vulnerable">v0.9.6.3</tag> + <tag state="vulnerable">v0.9.6.4</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v0.9.11-maint</name> + <tag state="vulnerable">v0.9.11.1</tag> + <tag state="vulnerable">v0.9.11.2</tag> + <tag state="vulnerable">v0.9.11.3</tag> + <tag state="vulnerable">v0.9.11.4</tag> + <tag state="vulnerable">v0.9.11.5</tag> + <tag state="vulnerable">v0.9.11.6</tag> + <tag state="vulnerable">v0.9.11.7</tag> + <tag state="vulnerable">v0.9.11.8</tag> + <tag state="vulnerable">v0.9.11.9</tag> + <tag state="vulnerable">v0.9.11.10</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v0.9.12-maint</name> + <tag state="vulnerable">v0.9.12.1</tag> + <tag state="vulnerable">v0.9.12.2</tag> + <tag state="vulnerable">v0.9.12.3</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v0.10.2-maint</name> + <tag state="vulnerable">v0.10.2.1</tag> + <tag state="vulnerable">v0.10.2.2</tag> + <tag state="vulnerable">v0.10.2.3</tag> + <tag state="vulnerable">v0.10.2.4</tag> + <tag state="vulnerable">v0.10.2.5</tag> + <tag state="vulnerable">v0.10.2.6</tag> + <tag state="vulnerable">v0.10.2.7</tag> + <tag state="vulnerable">v0.10.2.8</tag> + <change 
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.5-maint</name> + <tag state="vulnerable">v1.0.5.1</tag> + <tag state="vulnerable">v1.0.5.2</tag> + <tag state="vulnerable">v1.0.5.3</tag> + <tag state="vulnerable">v1.0.5.4</tag> + <tag state="vulnerable">v1.0.5.5</tag> + <tag state="vulnerable">v1.0.5.6</tag> + <tag state="vulnerable">v1.0.5.7</tag> + <tag state="vulnerable">v1.0.5.8</tag> + <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.3-maint</name> + <tag state="vulnerable">v1.1.3.1</tag> + <tag state="vulnerable">v1.1.3.2</tag> + <tag state="vulnerable">v1.1.3.3</tag> + <tag state="vulnerable">v1.1.3.4</tag> + <tag state="vulnerable">v1.1.3.5</tag> + <tag state="vulnerable">v1.1.3.6</tag> + <tag state="vulnerable">v1.1.3.7</tag> + <tag state="vulnerable">v1.1.3.8</tag> + <tag state="vulnerable">v1.1.3.9</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.9-maint</name> + <tag state="vulnerable">v1.2.9.1</tag> + <tag state="vulnerable">v1.2.9.2</tag> + <tag state="vulnerable">v1.2.9.3</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.13-maint</name> + <tag state="vulnerable">v1.2.13.1</tag> + <tag state="vulnerable">v1.2.13.2</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.18-maint</name> + <tag state="vulnerable">v1.2.18.1</tag> + <tag state="vulnerable">v1.2.18.2</tag> + <tag state="vulnerable">v1.2.18.3</tag> + <tag state="vulnerable">v1.2.18.4</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.3-maint</name> + <tag state="vulnerable">v1.3.3.1</tag> + <tag state="vulnerable">v1.3.3.2</tag> + <tag 
state="vulnerable">v1.3.3.3</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.2-maint</name> + <tag state="vulnerable">v2.2.1</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v3.2-maint</name> + <tag state="vulnerable">v3.2.1</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + </product> + +</security-notice> -- 2.14.3
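Review bot: The fix data in this notice is worth cross-checking against notice 2018-0002 in the same series: both carry `<fixed>20180118</fixed>`, yet here v4.0.0 is tagged vulnerable and v4.1.0 fixed, while 0002 tags v4.0.0 as fixed. If some of the twelve `<change state="fixed">` commits listed here landed after v4.0.0, the `<fixed>` date presumably should be that of the last one, since consumers use these fields to decide whether a release is affected. In the description, "for further backend information" looks like a typo for "background information", and `feature .` has a stray space before the period.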

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- notices/2018/0002.xml | 274 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 274 insertions(+) create mode 100644 notices/2018/0002.xml diff --git a/notices/2018/0002.xml b/notices/2018/0002.xml new file mode 100644 index 0000000..8b8e069 --- /dev/null +++ b/notices/2018/0002.xml 
@@ -0,0 +1,274 @@ +<security-notice xmlns="http://security.libvirt.org/xmlns/security-notice/1.0"> + <id>2018-0002</id> + + <summary>QEMU monitor denial of service</summary> + + <description> + <![CDATA[The libvirt code that reads data from the QEMU monitor will read + data until encountering a newline, buffering all data in memory + with no upper limit applied.]]> + </description> + + <impact> + <![CDATA[A malicious QEMU process can cause the libvirtd daemon to consume + an arbitrary amount of memory by sending lots of data without any newline + characters.]]> + </impact> + + <workaround> + <![CDATA[There is no practical workaround to prevent this happening, though to + exploit it a user would have to first break out of the guest into QEMU]]> + </workaround> + + <credits> + <reporter> + <name>Peter Krempa</name> + <email>pkrempa@redhat.com</email> + </reporter> + <reporter> + <name>Daniel P. Berrangé</name> + <email>berrange@redhat.com</email> + </reporter> + <patcher> + <name>Daniel P. 
Berrangé</name> + <email>berrange@redhat.com</email> + </patcher> + </credits> + + <lifecycle> + <reported>20171221</reported> + <published>20171221</published> + <fixed>20180118</fixed> + </lifecycle> + + <reference> + <advisory type="CVE" id="2018-5748"/> + </reference> + + <product name="libvirt"> + <repository>libvirt.git</repository> + <branch> + <name>master</name> + <tag state="vulnerable">v0.2.0</tag> + <tag state="vulnerable">v0.2.1</tag> + <tag state="vulnerable">v0.2.2</tag> + <tag state="vulnerable">v0.2.3</tag> + <tag state="vulnerable">v0.3.0</tag> + <tag state="vulnerable">v0.3.1</tag> + <tag state="vulnerable">v0.3.2</tag> + <tag state="vulnerable">v0.3.3</tag> + <tag state="vulnerable">v0.4.1</tag> + <tag state="vulnerable">v0.4.2</tag> + <tag state="vulnerable">v0.4.4</tag> + <tag state="vulnerable">v0.4.6</tag> + <tag state="vulnerable">v0.5.0</tag> + <tag state="vulnerable">v0.5.1</tag> + <tag state="vulnerable">v0.6.0</tag> + <tag state="vulnerable">v0.6.1</tag> + <tag state="vulnerable">v0.6.2</tag> + <tag state="vulnerable">v0.6.3</tag> + <tag state="vulnerable">v0.6.4</tag> + <tag state="vulnerable">v0.6.5</tag> + <tag state="vulnerable">v0.7.0</tag> + <tag state="vulnerable">v0.7.1</tag> + <tag state="vulnerable">v0.7.2</tag> + <tag state="vulnerable">v0.7.3</tag> + <tag state="vulnerable">v0.7.4</tag> + <tag state="vulnerable">v0.7.5</tag> + <tag state="vulnerable">v0.7.6</tag> + <tag state="vulnerable">v0.7.7</tag> + <tag state="vulnerable">v0.8.0</tag> + <tag state="vulnerable">v0.8.1</tag> + <tag state="vulnerable">v0.8.2</tag> + <tag state="vulnerable">v0.8.3</tag> + <tag state="vulnerable">v0.8.4</tag> + <tag state="vulnerable">v0.8.5</tag> + <tag state="vulnerable">v0.8.6</tag> + <tag state="vulnerable">v0.8.7</tag> + <tag state="vulnerable">v0.8.8</tag> + <tag state="vulnerable">v0.9.0</tag> + <tag state="vulnerable">v0.9.1</tag> + <tag state="vulnerable">v0.9.2</tag> + <tag state="vulnerable">v0.9.3</tag> + <tag 
state="vulnerable">v0.9.4</tag> + <tag state="vulnerable">v0.9.5</tag> + <tag state="vulnerable">v0.9.6</tag> + <tag state="vulnerable">v0.9.7</tag> + <tag state="vulnerable">v0.9.8</tag> + <tag state="vulnerable">v0.9.9</tag> + <tag state="vulnerable">v0.9.10</tag> + <tag state="vulnerable">v0.9.11</tag> + <tag state="vulnerable">v0.9.12</tag> + <tag state="vulnerable">v0.9.13</tag> + <tag state="vulnerable">v0.10.0</tag> + <tag state="vulnerable">v0.10.1</tag> + <tag state="vulnerable">v0.10.2</tag> + <tag state="vulnerable">v1.0.0</tag> + <tag state="vulnerable">v1.0.1</tag> + <tag state="vulnerable">v1.0.2</tag> + <tag state="vulnerable">v1.0.3</tag> + <tag state="vulnerable">v1.0.4</tag> + <tag state="vulnerable">v1.0.5</tag> + <tag state="vulnerable">v1.0.6</tag> + <tag state="vulnerable">v1.1.0</tag> + <tag state="vulnerable">v1.1.1</tag> + <tag state="vulnerable">v1.1.2</tag> + <tag state="vulnerable">v1.1.3</tag> + <tag state="vulnerable">v1.1.4</tag> + <tag state="vulnerable">v1.2.0</tag> + <tag state="vulnerable">v1.2.1</tag> + <tag state="vulnerable">v1.2.2</tag> + <tag state="vulnerable">v1.2.3</tag> + <tag state="vulnerable">v1.2.4</tag> + <tag state="vulnerable">v1.2.5</tag> + <tag state="vulnerable">v1.2.6</tag> + <tag state="vulnerable">v1.2.7</tag> + <tag state="vulnerable">v1.2.8</tag> + <tag state="vulnerable">v1.2.9</tag> + <tag state="vulnerable">v1.2.10</tag> + <tag state="vulnerable">v1.2.11</tag> + <tag state="vulnerable">v1.2.12</tag> + <tag state="vulnerable">v1.2.13</tag> + <tag state="vulnerable">v1.2.14</tag> + <tag state="vulnerable">v1.2.15</tag> + <tag state="vulnerable">v1.2.16</tag> + <tag state="vulnerable">v1.2.17</tag> + <tag state="vulnerable">v1.2.18</tag> + <tag state="vulnerable">v1.2.19</tag> + <tag state="vulnerable">v1.2.20</tag> + <tag state="vulnerable">v1.2.21</tag> + <tag state="vulnerable">v1.3.0</tag> + <tag state="vulnerable">v1.3.1</tag> + <tag state="vulnerable">v1.3.2</tag> + <tag 
state="vulnerable">v1.3.3</tag> + <tag state="vulnerable">v1.3.4</tag> + <tag state="vulnerable">v1.3.5</tag> + <tag state="vulnerable">v2.0.0</tag> + <tag state="vulnerable">v2.1.0</tag> + <tag state="vulnerable">v2.2.0</tag> + <tag state="vulnerable">v2.3.0</tag> + <tag state="vulnerable">v2.4.0</tag> + <tag state="vulnerable">v2.5.0</tag> + <tag state="vulnerable">v3.0.0</tag> + <tag state="vulnerable">v3.1.0</tag> + <tag state="vulnerable">v3.2.0</tag> + <tag state="vulnerable">v3.3.0</tag> + <tag state="vulnerable">v3.4.0</tag> + <tag state="vulnerable">v3.5.0</tag> + <tag state="vulnerable">v3.6.0</tag> + <tag state="vulnerable">v3.7.0</tag> + <tag state="vulnerable">v3.8.0</tag> + <tag state="vulnerable">v3.9.0</tag> + <tag state="vulnerable">v3.10.0</tag> + <tag state="fixed">v4.0.0</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + <change state="fixed">bc251ea91bcfddd2622fce6bce701a438b2e7276</change> + </branch> + <branch> + <name>v0.9.6-maint</name> + <tag state="vulnerable">v0.9.6.1</tag> + <tag state="vulnerable">v0.9.6.2</tag> + <tag state="vulnerable">v0.9.6.3</tag> + <tag state="vulnerable">v0.9.6.4</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v0.9.11-maint</name> + <tag state="vulnerable">v0.9.11.1</tag> + <tag state="vulnerable">v0.9.11.2</tag> + <tag state="vulnerable">v0.9.11.3</tag> + <tag state="vulnerable">v0.9.11.4</tag> + <tag state="vulnerable">v0.9.11.5</tag> + <tag state="vulnerable">v0.9.11.6</tag> + <tag state="vulnerable">v0.9.11.7</tag> + <tag state="vulnerable">v0.9.11.8</tag> + <tag state="vulnerable">v0.9.11.9</tag> + <tag state="vulnerable">v0.9.11.10</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v0.9.12-maint</name> + <tag state="vulnerable">v0.9.12.1</tag> + <tag state="vulnerable">v0.9.12.2</tag> + <tag state="vulnerable">v0.9.12.3</tag> + <change 
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v0.10.2-maint</name> + <tag state="vulnerable">v0.10.2.1</tag> + <tag state="vulnerable">v0.10.2.2</tag> + <tag state="vulnerable">v0.10.2.3</tag> + <tag state="vulnerable">v0.10.2.4</tag> + <tag state="vulnerable">v0.10.2.5</tag> + <tag state="vulnerable">v0.10.2.6</tag> + <tag state="vulnerable">v0.10.2.7</tag> + <tag state="vulnerable">v0.10.2.8</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.5-maint</name> + <tag state="vulnerable">v1.0.5.1</tag> + <tag state="vulnerable">v1.0.5.2</tag> + <tag state="vulnerable">v1.0.5.3</tag> + <tag state="vulnerable">v1.0.5.4</tag> + <tag state="vulnerable">v1.0.5.5</tag> + <tag state="vulnerable">v1.0.5.6</tag> + <tag state="vulnerable">v1.0.5.7</tag> + <tag state="vulnerable">v1.0.5.8</tag> + <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.3-maint</name> + <tag state="vulnerable">v1.1.3.1</tag> + <tag state="vulnerable">v1.1.3.2</tag> + <tag state="vulnerable">v1.1.3.3</tag> + <tag state="vulnerable">v1.1.3.4</tag> + <tag state="vulnerable">v1.1.3.5</tag> + <tag state="vulnerable">v1.1.3.6</tag> + <tag state="vulnerable">v1.1.3.7</tag> + <tag state="vulnerable">v1.1.3.8</tag> + <tag state="vulnerable">v1.1.3.9</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.9-maint</name> + <tag state="vulnerable">v1.2.9.1</tag> + <tag state="vulnerable">v1.2.9.2</tag> + <tag state="vulnerable">v1.2.9.3</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.13-maint</name> + <tag state="vulnerable">v1.2.13.1</tag> + <tag state="vulnerable">v1.2.13.2</tag> + <change 
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.18-maint</name> + <tag state="vulnerable">v1.2.18.1</tag> + <tag state="vulnerable">v1.2.18.2</tag> + <tag state="vulnerable">v1.2.18.3</tag> + <tag state="vulnerable">v1.2.18.4</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.3-maint</name> + <tag state="vulnerable">v1.3.3.1</tag> + <tag state="vulnerable">v1.3.3.2</tag> + <tag state="vulnerable">v1.3.3.3</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.2-maint</name> + <tag state="vulnerable">v2.2.1</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v3.2-maint</name> + <tag state="vulnerable">v3.2.1</tag> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + </product> + +</security-notice> -- 2.14.3

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- notices/2018/0003.xml | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 269 insertions(+) create mode 100644 notices/2018/0003.xml diff --git a/notices/2018/0003.xml b/notices/2018/0003.xml new file mode 100644 index 0000000..2c53626 --- /dev/null +++ b/notices/2018/0003.xml 
@@ -0,0 +1,269 @@ +<security-notice xmlns="http://security.libvirt.org/xmlns/security-notice/1.0"> + <id>2018-0003</id> + + <summary>Insecure usage of NSS modules during container startup</summary> + + <description> + <![CDATA[During container startup it is possible that libvirt logging + code will trigger a hostname lookup. This will in turn potentially + cause GLibC to load various NSS modules from the container's + root filesystem rather than the host's root filesystem. During this + time the host's root filesystem is still accessible and fully + writable]]> + </description> + + <impact> + <![CDATA[A maliciously crafted NSS module in the container's root filesystem + can exploit the host OS by writing content into the host's root + filesystem]]> + </impact> + + <workaround> + <![CDATA[There is no practical workaround]]> + </workaround> + + <credits> + <reporter> + <name>Lubomir Rintel</name> + <email>lkundrak@v3.sk</email> + </reporter> + <patcher> + <name>Lubomir Rintel</name> + <email>lkundrak@v3.sk</email> + </patcher> + <patcher> + <name>Daniel P. 
Berrangé</name> + <email>berrange@redhat.com</email> + </patcher> + </credits> + + <lifecycle> + <reported>20180127</reported> + <published>20180207</published> + <fixed>20180207</fixed> + </lifecycle> + + <reference> + <advisory type="CVE" id="2018-6764"/> + </reference> + + <product name="libvirt"> + <repository>libvirt.git</repository> + + <branch> + <name>master</name> + <tag state="vulnerable">v0.4.4</tag> + <tag state="vulnerable">v0.4.6</tag> + <tag state="vulnerable">v0.5.0</tag> + <tag state="vulnerable">v0.5.1</tag> + <tag state="vulnerable">v0.6.0</tag> + <tag state="vulnerable">v0.6.1</tag> + <tag state="vulnerable">v0.6.2</tag> + <tag state="vulnerable">v0.6.3</tag> + <tag state="vulnerable">v0.6.4</tag> + <tag state="vulnerable">v0.6.5</tag> + <tag state="vulnerable">v0.7.0</tag> + <tag state="vulnerable">v0.7.1</tag> + <tag state="vulnerable">v0.7.2</tag> + <tag state="vulnerable">v0.7.3</tag> + <tag state="vulnerable">v0.7.4</tag> + <tag state="vulnerable">v0.7.5</tag> + <tag state="vulnerable">v0.7.6</tag> + <tag state="vulnerable">v0.7.7</tag> + <tag state="vulnerable">v0.8.0</tag> + <tag state="vulnerable">v0.8.1</tag> + <tag state="vulnerable">v0.8.2</tag> + <tag state="vulnerable">v0.8.3</tag> + <tag state="vulnerable">v0.8.4</tag> + <tag state="vulnerable">v0.8.5</tag> + <tag state="vulnerable">v0.8.6</tag> + <tag state="vulnerable">v0.8.7</tag> + <tag state="vulnerable">v0.8.8</tag> + <tag state="vulnerable">v0.9.0</tag> + <tag state="vulnerable">v0.9.1</tag> + <tag state="vulnerable">v0.9.2</tag> + <tag state="vulnerable">v0.9.3</tag> + <tag state="vulnerable">v0.9.4</tag> + <tag state="vulnerable">v0.9.5</tag> + <tag state="vulnerable">v0.9.6</tag> + <tag state="vulnerable">v0.9.7</tag> + <tag state="vulnerable">v0.9.8</tag> + <tag state="vulnerable">v0.9.9</tag> + <tag state="vulnerable">v0.9.10</tag> + <tag state="vulnerable">v0.9.11</tag> + <tag state="vulnerable">v0.9.12</tag> + <tag state="vulnerable">v0.9.13</tag> + <tag 
state="vulnerable">v0.10.0</tag> + <tag state="vulnerable">v0.10.1</tag> + <tag state="vulnerable">v0.10.2</tag> + <tag state="vulnerable">v1.0.0</tag> + <tag state="vulnerable">v1.0.1</tag> + <tag state="vulnerable">v1.0.2</tag> + <tag state="vulnerable">v1.0.3</tag> + <tag state="vulnerable">v1.0.4</tag> + <tag state="vulnerable">v1.0.5</tag> + <tag state="vulnerable">v1.0.6</tag> + <tag state="vulnerable">v1.1.0</tag> + <tag state="vulnerable">v1.1.1</tag> + <tag state="vulnerable">v1.1.2</tag> + <tag state="vulnerable">v1.1.3</tag> + <tag state="vulnerable">v1.1.4</tag> + <tag state="vulnerable">v1.2.0</tag> + <tag state="vulnerable">v1.2.1</tag> + <tag state="vulnerable">v1.2.2</tag> + <tag state="vulnerable">v1.2.3</tag> + <tag state="vulnerable">v1.2.4</tag> + <tag state="vulnerable">v1.2.5</tag> + <tag state="vulnerable">v1.2.6</tag> + <tag state="vulnerable">v1.2.7</tag> + <tag state="vulnerable">v1.2.8</tag> + <tag state="vulnerable">v1.2.9</tag> + <tag state="vulnerable">v1.2.10</tag> + <tag state="vulnerable">v1.2.11</tag> + <tag state="vulnerable">v1.2.12</tag> + <tag state="vulnerable">v1.2.13</tag> + <tag state="vulnerable">v1.2.14</tag> + <tag state="vulnerable">v1.2.15</tag> + <tag state="vulnerable">v1.2.16</tag> + <tag state="vulnerable">v1.2.17</tag> + <tag state="vulnerable">v1.2.18</tag> + <tag state="vulnerable">v1.2.19</tag> + <tag state="vulnerable">v1.2.20</tag> + <tag state="vulnerable">v1.2.21</tag> + <tag state="vulnerable">v1.3.0</tag> + <tag state="vulnerable">v1.3.1</tag> + <tag state="vulnerable">v1.3.2</tag> + <tag state="vulnerable">v1.3.3</tag> + <tag state="vulnerable">v1.3.4</tag> + <tag state="vulnerable">v1.3.5</tag> + <tag state="vulnerable">v2.0.0</tag> + <tag state="vulnerable">v2.1.0</tag> + <tag state="vulnerable">v2.2.0</tag> + <tag state="vulnerable">v2.3.0</tag> + <tag state="vulnerable">v2.4.0</tag> + <tag state="vulnerable">v2.5.0</tag> + <tag state="vulnerable">v3.0.0</tag> + <tag state="vulnerable">v3.1.0</tag> + 
<tag state="vulnerable">v3.2.0</tag> + <tag state="vulnerable">v3.3.0</tag> + <tag state="vulnerable">v3.4.0</tag> + <tag state="vulnerable">v3.5.0</tag> + <tag state="vulnerable">v3.6.0</tag> + <tag state="vulnerable">v3.7.0</tag> + <tag state="vulnerable">v3.8.0</tag> + <tag state="vulnerable">v3.9.0</tag> + <tag state="vulnerable">v3.10.0</tag> + <tag state="vulnerable">v4.0.0</tag> + <tag state="fixed">v4.1.0</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + <change state="fixed">759b4d1b0fe5f4d84d98b99153dfa7ac289dd167</change> + <change state="fixed">c2dc6698c88fb591639e542c8ecb0076c54f3dfb</change> + </branch> + <branch> + <name>v0.9.6-maint</name> + <tag state="vulnerable">v0.9.6.1</tag> + <tag state="vulnerable">v0.9.6.2</tag> + <tag state="vulnerable">v0.9.6.3</tag> + <tag state="vulnerable">v0.9.6.4</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v0.9.11-maint</name> + <tag state="vulnerable">v0.9.11.1</tag> + <tag state="vulnerable">v0.9.11.2</tag> + <tag state="vulnerable">v0.9.11.3</tag> + <tag state="vulnerable">v0.9.11.4</tag> + <tag state="vulnerable">v0.9.11.5</tag> + <tag state="vulnerable">v0.9.11.6</tag> + <tag state="vulnerable">v0.9.11.7</tag> + <tag state="vulnerable">v0.9.11.8</tag> + <tag state="vulnerable">v0.9.11.9</tag> + <tag state="vulnerable">v0.9.11.10</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v0.9.12-maint</name> + <tag state="vulnerable">v0.9.12.1</tag> + <tag state="vulnerable">v0.9.12.2</tag> + <tag state="vulnerable">v0.9.12.3</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v0.10.2-maint</name> + <tag state="vulnerable">v0.10.2.1</tag> + <tag state="vulnerable">v0.10.2.2</tag> + <tag state="vulnerable">v0.10.2.3</tag> + <tag state="vulnerable">v0.10.2.4</tag> + <tag 
state="vulnerable">v0.10.2.5</tag> + <tag state="vulnerable">v0.10.2.6</tag> + <tag state="vulnerable">v0.10.2.7</tag> + <tag state="vulnerable">v0.10.2.8</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.0.5-maint</name> + <tag state="vulnerable">v1.0.5.1</tag> + <tag state="vulnerable">v1.0.5.2</tag> + <tag state="vulnerable">v1.0.5.3</tag> + <tag state="vulnerable">v1.0.5.4</tag> + <tag state="vulnerable">v1.0.5.5</tag> + <tag state="vulnerable">v1.0.5.6</tag> + <tag state="vulnerable">v1.0.5.7</tag> + <tag state="vulnerable">v1.0.5.8</tag> + <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.1.3-maint</name> + <tag state="vulnerable">v1.1.3.1</tag> + <tag state="vulnerable">v1.1.3.2</tag> + <tag state="vulnerable">v1.1.3.3</tag> + <tag state="vulnerable">v1.1.3.4</tag> + <tag state="vulnerable">v1.1.3.5</tag> + <tag state="vulnerable">v1.1.3.6</tag> + <tag state="vulnerable">v1.1.3.7</tag> + <tag state="vulnerable">v1.1.3.8</tag> + <tag state="vulnerable">v1.1.3.9</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.9-maint</name> + <tag state="vulnerable">v1.2.9.1</tag> + <tag state="vulnerable">v1.2.9.2</tag> + <tag state="vulnerable">v1.2.9.3</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.13-maint</name> + <tag state="vulnerable">v1.2.13.1</tag> + <tag state="vulnerable">v1.2.13.2</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.18-maint</name> + <tag state="vulnerable">v1.2.18.1</tag> + <tag state="vulnerable">v1.2.18.2</tag> + <tag state="vulnerable">v1.2.18.3</tag> + <tag state="vulnerable">v1.2.18.4</tag> + <change 
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.3.3-maint</name> + <tag state="vulnerable">v1.3.3.1</tag> + <tag state="vulnerable">v1.3.3.2</tag> + <tag state="vulnerable">v1.3.3.3</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v2.2-maint</name> + <tag state="vulnerable">v2.2.1</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v3.2-maint</name> + <tag state="vulnerable">v3.2.1</tag> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + </product> + +</security-notice> -- 2.14.3

It is rather tedious making the list of vulnerable tags and branches for the security notice reports. This script takes the changeset of the commit that first introduced the flaw and then outputs an XML snippet listing every tag and branch which contains that vulnerable changeset. This can be copied straight into the security notice, meaning we just have to then fill out details of which changeset and tag fixed the flaw. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 108 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 scripts/report-vulnerable-tags.pl diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl new file mode 100644 index 0000000..0b6ea6f --- /dev/null +++ b/scripts/report-vulnerable-tags.pl 
@@ -0,0 +1,108 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Sort::Versions;
+
+if (int(@ARGV) != 1) {
+ die "syntax: $0 CHANGESET\n";
+}
+
+my $changeset = shift @ARGV;
+
+sub get_tags {
+ my @args = @_;
+
+ my @tags;
+ open GIT, "-|", "git", "tag", @args or
+ die "cannot query 'git tags @args': $!\n";
+
+ while (<GIT>) {
+ chomp;
+
+ # Drop anything except vN.N.N style tags
+ # where 'N' is only digits.
+ if (/^v(\d+)(\.\d+)+$/) {
+ push @tags, $_;
+ }
+ }
+
+ close GIT;
+
+ return @tags;
+}
+
+sub get_branch {
+ my $tag = shift;
+
+ my @branches;
+ open GIT, "-|", "git", "branch", "--all", "--contains", $tag or
+ die "cannot query 'git branch --all --contains $tag': $!\n";
+
+ while (<GIT>) {
+ chomp;
+
+ if (m,^\s*remotes/origin/(v.*-maint)$,) {
+ push @branches, $1;
+ }
+ }
+
+ close GIT;
+
+ return @branches;
+}
+
+my @branches;
+my %tags;
+my %branches;
+
+$branches{"master"} = [];
+# Most tags live on master so lets get them first
+for my $tag (get_tags("--contains", $changeset, "--merged", "master")) {
+ push @{$branches{"master"}}, $tag;
+ $tags{$tag} = 1;
+}
+push @branches, "master";
+
+# Now we need slower work to find branches for
+# few remaining tags
+for my $tag (get_tags("--contains", $changeset)) {
+
+ next if exists $tags{$tag};
+
+ my @tagbranches = get_branch($tag);
+ if (int(@tagbranches) == 0) {
+ if ($tag eq "v2.1.0") {
+ @tagbranches = ("master")
+ } else {
+ print "Tag $tag doesn't appear in any branch\n";
+ next;
+ }
+ }
+
+ if (int(@tagbranches) > 1) {
+ print "Tag $tag appears in multiple branches\n";
+ }
+
+ unless (exists($branches{$tagbranches[0]})) {
+ $branches{$tagbranches[0]} = [];
+ push @branches, $tagbranches[0];
+ }
+ push @{$branches{$tagbranches[0]}}, $tag;
+}
+
+
+foreach my $branch (sort versioncmp @branches) {
+ print " <branch>\n";
+ print " <name>$branch</name>\n";
+ foreach my $tag (sort versioncmp @{$branches{$branch}}) {
+ print " <tag state=\"vulnerable\">$tag</tag>\n";
+ }
+ print " <change state=\"vulnerable\">$changeset</change>\n";
+
+ if ($branch eq "master") {
+ print " <change state=\"fixed\"></change>\n";
+ }
+ print " </branch>\n";
+}
-- 2.14.3
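Review bot: Neither `close GIT` in get_tags nor the one in get_branch checks its result, so a failing git command (for example a mistyped or unknown CHANGESET) is indistinguishable from "no tags contain it", and the script prints a plausible-looking but empty or truncated vulnerable-tag list that can be pasted straight into a notice. For a piped open the child's exit status is only reported at close, so I would change both to `close GIT or die "git exited with status " . ($? >> 8) . "\n";`. It would also help to reject anything that is not a commit id before calling git, e.g. `die "invalid changeset '$changeset'\n" unless $changeset =~ /^[0-9a-f]{7,40}$/;`, since the value is passed to git as an argument and printed unescaped into the XML. The two `print "Tag $tag ..."` diagnostics go to stdout ahead of the XML snippet; `warn` would keep them out of the copied output.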