[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#36634: Virtual Machine Manager (virt-manager)
From: |
Tobias Geerinckx-Rice |
Subject: |
bug#36634: Virtual Machine Manager (virt-manager) |
Date: |
Mon, 23 Sep 2019 06:30:14 +0200 |
Chrisen,
Chris Marusich 写道:
In the meantime, should we revert to version 5.4.0 in Guix? I'm
not
sure if there are any security vulnerabilities between 5.4.0 and
the
most recent release, but this bug is currently preventing me
from
creating any VMs at all in Guix using virt-manager, which is
pretty bad.
Yes! (which is why I originally updated this package):
v5.5.0 (2019-07-02)
Security
api: Prevent access to several APIs over read-only
connections
Certain APIs give root-equivalent access to the host,
and as
such should be limited to privileged
users. CVE-2019-10161,
CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.
https://libvirt.org/news.html
It might be easy to backport. I didn't try, and I no longer use
libvirt myself.
What's weird (maybe; I haven't kept up with the thread) is that I
used libvirt 5.5.0 (and yes, it was 5.5.0) for a while without
problems. I don't remember whether I created any *new* VMs,
though.
Kind regards,
T G-R
signature.asc
Description: PGP signature