Univention Bugzilla – Bug 40317
libvirt: multiple issues (4.1)
Last modified: 2017-11-01 17:13:12 CET
The following issue has been identified in libvirt:
* ACL bypass using ../ to access beyond storage pool (CVE-2015-5313)
The issue is minor and tagged no-dsa in Debian:
<https://security-tracker.debian.org/tracker/CVE-2015-5313>
As we need to update libvirt anyway from our own 1.2.7, switch to 1.2.9 from Debian-Wheezy, which is maintained. The CVE was fixed by me for Debian, currently waiting for upload to jessie-proposed-updates.
Please note that UCS-3.3 also uses 1.2.9, so the version in 4.0 is actually lower than in 3.3!
$ repo_admin.py --cherrypick -r 4.0 -s errata4.0-4 --releasedest 4.1 --dest errata4.1-1 -p libvirt
r16168 | patch
Package: libvirt
Version: 1.2.9-9+deb8u2.138.201603111914
Branch: ucs_4.1-0
Scope: errata4.1-1
r68044 | Bug #40317 libvirt: YAML libvirt.yaml
repo_admin.py --cherrypick -r 4.0 --releasedest 4.1 --dest errata4.1-1 -p libnl
Package: libnl
Version: 1.1-7.15.201603141220
Branch: ucs_4.1-0
Scope: errata4.1-1
r68064 | Bug #40317 libnl: YAML libnl.yaml
See Jenkins tests:
http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-1/job/Autotest%20MultiEnv/lastCompletedBuild/SambaVersion=s3,Systemrolle=member/testReport/20_appcenter/20_can_apps_be_installed/test/
[2016-03-14 20:41:39.117882]Die folgenden Pakete haben unerfüllte Abhängigkeiten:
[2016-03-14 20:41:39.117989] univention-virtual-machine-manager-node-kvm : Hängt ab von: libvirt-daemon-system soll aber nicht installiert werden
(2016-03-14 20:41:39.129813)E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.
(In reply to Philipp Hahn from comment #2)
> repo_admin.py --cherrypick -r 4.0 --releasedest 4.1 --dest errata4.1-1 -p
> libnl
>
> Package: libnl
> Version: 1.1-7.15.201603141220
> Branch: ucs_4.1-0
> Scope: errata4.1-1
Maybe the package is not yet maintained?
$ repo_admin.py --cherrypick -r 4.0 --releasedest 4.1 --dest errata4.1-1 -p netcf
Package: netcf
Version: 0.1.9-2.5.201603151048
Branch: ucs_4.1-0
Scope: errata4.1-1
r68089 | Bug #40317 netcf: YAML netcf.yaml
Reopen: As this is the same version as Bug #40318, it suffers from the same issues, see there.
r16477 | Bug #40318 libvirt: qemu-kvm-1.1.2 JSON migration
Package: libvirt
Version: 1.2.9-9+deb8u2.141.201605091248
Branch: ucs_4.1-0
Scope: errata4.1-1
OK: Patch for live migration applied
OK: Functionality
OK: I moved the yaml file to ucs 4.1-2 and adapted it to be released for 4.1-1,2
r69256
r69257
Verified
r69346 | Bug #40317 libvirt: Move additional YAML files
<http://errata.software-univention.de/ucs/4.1/177.html>
<http://errata.software-univention.de/ucs/4.1/178.html>
<http://errata.software-univention.de/ucs/4.1/179.html>