From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 13 Mar 2018 17:27:34 +0000
Message-Id: <20180313172737.24214-2-berrange@redhat.com>
In-Reply-To: <20180313172737.24214-1-berrange@redhat.com>
Subject: [libvirt] [PATCH security-notice 1/4] LSN-2018-0001 / CVE-2017-5715 - Spectre variant 2 branch target injection

Signed-off-by: Daniel P. Berrangé
---
 notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 276 insertions(+)
 create mode 100644 notices/2018/0001.xml

diff --git a/notices/2018/0001.xml b/notices/2018/0001.xml
new file mode 100644
index 0000000..9acb303
--- /dev/null
+++ b/notices/2018/0001.xml
@@ -0,0 +1,276 @@ + + 2018-0001 + + Spectre variant 2 branch target injection + + + + + + + + Paolo Bonzini + pbonzini@redhat.com + + + Paolo Bonzini + pbonzini@redhat.com + + + Jiri Denemark + jdenemar@redhat.com + + + + + 20171212 + 20180105 + 20180118 + + + + + + + + libvirt.git + + master + v0.2.0 + v0.2.1 + v0.2.2 + v0.2.3 + v0.3.0 + v0.3.1 + v0.3.2 + v0.3.3 + v0.4.1 + v0.4.2 + v0.4.4 + v0.4.6 + v0.5.0 + v0.5.1 + v0.6.0 + v0.6.1 + v0.6.2 + v0.6.3 + v0.6.4 + v0.6.5 + v0.7.0 + v0.7.1 + v0.7.2 + v0.7.3 + v0.7.4 + v0.7.5 + v0.7.6 + v0.7.7 + v0.8.0 + v0.8.1 + v0.8.2 + v0.8.3 + v0.8.4 + v0.8.5 + v0.8.6 + v0.8.7 + v0.8.8 + v0.9.0 + v0.9.1 + v0.9.2 + v0.9.3 + v0.9.4 + v0.9.5 + v0.9.6 + v0.9.7 + v0.9.8 + v0.9.9 + v0.9.10 + v0.9.11 + v0.9.12 + v0.9.13 + v0.10.0 + v0.10.1 + v0.10.2 + v1.0.0 + v1.0.1 + v1.0.2 + v1.0.3 + v1.0.4 + v1.0.5 + v1.0.6 + v1.1.0 + v1.1.1 + v1.1.2 + v1.1.3 + v1.1.4 + v1.2.0 + v1.2.1 + v1.2.2 + v1.2.3 + v1.2.4 + v1.2.5 + v1.2.6 + v1.2.7 + v1.2.8 + v1.2.9 + v1.2.10 + v1.2.11 + v1.2.12 + v1.2.13 + v1.2.14 + v1.2.15 + v1.2.16 + v1.2.17 + v1.2.18 + v1.2.19 + v1.2.20 + v1.2.21 + v1.3.0 + v1.3.1 + v1.3.2 + v1.3.3 + v1.3.4 + v1.3.5 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v3.0.0 + v3.1.0 + v3.2.0 + v3.3.0 + v3.4.0 + v3.5.0 + v3.6.0 + v3.7.0 + v3.8.0 + v3.9.0 + v3.10.0 + v4.0.0 + v4.1.0 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + 24d504396c3c05eff87d29173a224e2faaeb2637 + b2042020c32b74069fa5365b5e966537aaba8cf6 + 7bb4ce9761dfbd1620ddffb26fbd6f0ff1fedf3f + 49bffcb3cc1850d332b9648c686a7be18de9e708 + 7f83eefa9e6940c83579d31941efd07fab1b90c8 + 7dd85ff62d7080b52d4d175f53ad5eb11cdcfb9c + 203c92e9cc2db854199b39ef3ffcc10406d3c59e + 30b381cfdd5e92e5afa6de09f0fe533353e71d07 + 2e3b220a874e558e54678afd7cf49466fe605e09 + 6b7e7d1cc24a28a9f5ece8626f807189647d14b4 + 6d4a3cd42781babed7d29b061e220ebff24dd43e + + + v0.9.6-maint + v0.9.6.1 + v0.9.6.2 + v0.9.6.3 + v0.9.6.4 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v0.9.11-maint + v0.9.11.1 + 
v0.9.11.2 + v0.9.11.3 + v0.9.11.4 + v0.9.11.5 + v0.9.11.6 + v0.9.11.7 + v0.9.11.8 + v0.9.11.9 + v0.9.11.10 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v0.9.12-maint + v0.9.12.1 + v0.9.12.2 + v0.9.12.3 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v0.10.2-maint + v0.10.2.1 + v0.10.2.2 + v0.10.2.3 + v0.10.2.4 + v0.10.2.5 + v0.10.2.6 + v0.10.2.7 + v0.10.2.8 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.0.5-maint + v1.0.5.1 + v1.0.5.2 + v1.0.5.3 + v1.0.5.4 + v1.0.5.5 + v1.0.5.6 + v1.0.5.7 + v1.0.5.8 + v1.0.5.9 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.1.3-maint + v1.1.3.1 + v1.1.3.2 + v1.1.3.3 + v1.1.3.4 + v1.1.3.5 + v1.1.3.6 + v1.1.3.7 + v1.1.3.8 + v1.1.3.9 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.2.9-maint + v1.2.9.1 + v1.2.9.2 + v1.2.9.3 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.2.13-maint + v1.2.13.1 + v1.2.13.2 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.2.18-maint + v1.2.18.1 + v1.2.18.2 + v1.2.18.3 + v1.2.18.4 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.3.3-maint + v1.3.3.1 + v1.3.3.2 + v1.3.3.3 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v2.2-maint + v2.2.1 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v3.2-maint + v3.2.1 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + + --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 8 02:23:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 
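Review bot: In notices/2018/0001.xml, none of the twelve -maint blocks (v0.9.6-maint through v3.2-maint) lists any changeset other than 23ad665cb05e..., while the master block lists eleven further changesets after it. If those eleven are the fixes, the notice as written records no fixed changeset or tag for any maintenance branch. Either add the backport changesets where they exist, or state explicitly that the maintenance branches remain unfixed, so that a reader on a -maint release is not left to infer it.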
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 13 Mar 2018 17:27:35 +0000
Message-Id: <20180313172737.24214-3-berrange@redhat.com>
In-Reply-To: <20180313172737.24214-1-berrange@redhat.com>
Subject: [libvirt] [PATCH security-notice 2/4] LSN-2018-0002 / CVE-2018-5748 - QEMU monitor denial of service

Signed-off-by: Daniel P. Berrangé
---
 notices/2018/0002.xml | 274 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 274 insertions(+)
 create mode 100644 notices/2018/0002.xml

diff --git a/notices/2018/0002.xml b/notices/2018/0002.xml
new file mode 100644
index 0000000..8b8e069
--- /dev/null
+++ b/notices/2018/0002.xml
@@ -0,0 +1,274 @@ + + 2018-0002 + + QEMU monitor denial of service + + + + + + + + + + + + + + + + Peter Krempa + pkrempa@redhat.com + + + Daniel P. Berrang=C3=A9 + berrange@redhat.com + + + Daniel P. Berrang=C3=A9 + berrange@redhat.com + + + + + 20171221 + 20171221 + 20180118 + + + + + + + + libvirt.git + + master + v0.2.0 + v0.2.1 + v0.2.2 + v0.2.3 + v0.3.0 + v0.3.1 + v0.3.2 + v0.3.3 + v0.4.1 + v0.4.2 + v0.4.4 + v0.4.6 + v0.5.0 + v0.5.1 + v0.6.0 + v0.6.1 + v0.6.2 + v0.6.3 + v0.6.4 + v0.6.5 + v0.7.0 + v0.7.1 + v0.7.2 + v0.7.3 + v0.7.4 + v0.7.5 + v0.7.6 + v0.7.7 + v0.8.0 + v0.8.1 + v0.8.2 + v0.8.3 + v0.8.4 + v0.8.5 + v0.8.6 + v0.8.7 + v0.8.8 + v0.9.0 + v0.9.1 + v0.9.2 + v0.9.3 + v0.9.4 + v0.9.5 + v0.9.6 + v0.9.7 + v0.9.8 + v0.9.9 + v0.9.10 + v0.9.11 + v0.9.12 + v0.9.13 + v0.10.0 + v0.10.1 + v0.10.2 + v1.0.0 + v1.0.1 + v1.0.2 + v1.0.3 + v1.0.4 + v1.0.5 + v1.0.6 + v1.1.0 + v1.1.1 + v1.1.2 + v1.1.3 + v1.1.4 + v1.2.0 + v1.2.1 + v1.2.2 + v1.2.3 + v1.2.4 + v1.2.5 + v1.2.6 + v1.2.7 + v1.2.8 + v1.2.9 + v1.2.10 + v1.2.11 + v1.2.12 + v1.2.13 + v1.2.14 + v1.2.15 + v1.2.16 + v1.2.17 + v1.2.18 + v1.2.19 + v1.2.20 + v1.2.21 + v1.3.0 + v1.3.1 + v1.3.2 + v1.3.3 + v1.3.4 + v1.3.5 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v3.0.0 + v3.1.0 + v3.2.0 + v3.3.0 + v3.4.0 + v3.5.0 + v3.6.0 + v3.7.0 + v3.8.0 + v3.9.0 + v3.10.0 + v4.0.0 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + bc251ea91bcfddd2622fce6bce701a438b2e7276 + + + v0.9.6-maint + v0.9.6.1 + v0.9.6.2 + v0.9.6.3 + v0.9.6.4 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v0.9.11-maint + v0.9.11.1 + v0.9.11.2 + v0.9.11.3 + v0.9.11.4 + v0.9.11.5 + v0.9.11.6 + v0.9.11.7 + v0.9.11.8 + v0.9.11.9 + v0.9.11.10 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v0.9.12-maint + v0.9.12.1 + v0.9.12.2 + v0.9.12.3 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v0.10.2-maint + v0.10.2.1 + v0.10.2.2 + v0.10.2.3 + v0.10.2.4 + v0.10.2.5 + v0.10.2.6 + v0.10.2.7 + v0.10.2.8 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + 
v1.0.5-maint + v1.0.5.1 + v1.0.5.2 + v1.0.5.3 + v1.0.5.4 + v1.0.5.5 + v1.0.5.6 + v1.0.5.7 + v1.0.5.8 + v1.0.5.9 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.1.3-maint + v1.1.3.1 + v1.1.3.2 + v1.1.3.3 + v1.1.3.4 + v1.1.3.5 + v1.1.3.6 + v1.1.3.7 + v1.1.3.8 + v1.1.3.9 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.2.9-maint + v1.2.9.1 + v1.2.9.2 + v1.2.9.3 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.2.13-maint + v1.2.13.1 + v1.2.13.2 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.2.18-maint + v1.2.18.1 + v1.2.18.2 + v1.2.18.3 + v1.2.18.4 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v1.3.3-maint + v1.3.3.1 + v1.3.3.2 + v1.3.3.3 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v2.2-maint + v2.2.1 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + v3.2-maint + v3.2.1 + 23ad665cb05ef9ce7d298cc34bff5efb95ef694= 8 + + + + --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 8 02:23:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1520962167332657.24975700224; Tue, 13 Mar 2018 10:29:27 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C357E883C3; Tue, 13 Mar 2018 17:29:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com 
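Review bot: notices/2018/0002.xml gives 23ad665cb05e... as the changeset for master and for every -maint block, with the master tag list starting at v0.2.0, which is exactly the changeset and starting tag that notices/2018/0001.xml uses for an unrelated flaw. Please confirm that this really is the commit that introduced the QEMU monitor issue and not a stand-in for "all releases". If it is a stand-in, a comment in the notice saying so would stop the vulnerable-tag list from being read as the result of tracing the flaw to its origin.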
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 13 Mar 2018 17:27:36 +0000
Message-Id: <20180313172737.24214-4-berrange@redhat.com>
In-Reply-To: <20180313172737.24214-1-berrange@redhat.com>
Subject: [libvirt] [PATCH security-notice 3/4] LSN-2018-0003 / CVE-2018-6764 - Insecure usage of NSS modules during container startup

Signed-off-by: Daniel P. Berrangé
---
 notices/2018/0003.xml | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 269 insertions(+)
 create mode 100644 notices/2018/0003.xml

diff --git a/notices/2018/0003.xml b/notices/2018/0003.xml
new file mode 100644
index 0000000..2c53626
--- /dev/null
+++ b/notices/2018/0003.xml
@@ -0,0 +1,269 @@ + + 2018-0003 + + Insecure usage of NSS modules during container startup + + + + + + + + + + + + + + + + Lubomir Rintel + lkundrak@v3.sk + + + Lubomir Rintel + lkundrak@v3.sk + + + Daniel P. Berrang=C3=A9 + berrange@redhat.com + + + + + 20180127 + 20180207 + 20180207 + + + + + + + + libvirt.git + + + master + v0.4.4 + v0.4.6 + v0.5.0 + v0.5.1 + v0.6.0 + v0.6.1 + v0.6.2 + v0.6.3 + v0.6.4 + v0.6.5 + v0.7.0 + v0.7.1 + v0.7.2 + v0.7.3 + v0.7.4 + v0.7.5 + v0.7.6 + v0.7.7 + v0.8.0 + v0.8.1 + v0.8.2 + v0.8.3 + v0.8.4 + v0.8.5 + v0.8.6 + v0.8.7 + v0.8.8 + v0.9.0 + v0.9.1 + v0.9.2 + v0.9.3 + v0.9.4 + v0.9.5 + v0.9.6 + v0.9.7 + v0.9.8 + v0.9.9 + v0.9.10 + v0.9.11 + v0.9.12 + v0.9.13 + v0.10.0 + v0.10.1 + v0.10.2 + v1.0.0 + v1.0.1 + v1.0.2 + v1.0.3 + v1.0.4 + v1.0.5 + v1.0.6 + v1.1.0 + v1.1.1 + v1.1.2 + v1.1.3 + v1.1.4 + v1.2.0 + v1.2.1 + v1.2.2 + v1.2.3 + v1.2.4 + v1.2.5 + v1.2.6 + v1.2.7 + v1.2.8 + v1.2.9 + v1.2.10 + v1.2.11 + v1.2.12 + v1.2.13 + v1.2.14 + v1.2.15 + v1.2.16 + v1.2.17 + v1.2.18 + v1.2.19 + v1.2.20 + v1.2.21 + v1.3.0 + v1.3.1 + v1.3.2 + v1.3.3 + v1.3.4 + v1.3.5 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v3.0.0 + v3.1.0 + v3.2.0 + v3.3.0 + v3.4.0 + v3.5.0 + v3.6.0 + v3.7.0 + v3.8.0 + v3.9.0 + v3.10.0 + v4.0.0 + v4.1.0 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + 759b4d1b0fe5f4d84d98b99153dfa7ac289dd167 + c2dc6698c88fb591639e542c8ecb0076c54f3dfb + + + v0.9.6-maint + v0.9.6.1 + v0.9.6.2 + v0.9.6.3 + v0.9.6.4 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v0.9.11-maint + v0.9.11.1 + v0.9.11.2 + v0.9.11.3 + v0.9.11.4 + v0.9.11.5 + v0.9.11.6 + v0.9.11.7 + v0.9.11.8 + v0.9.11.9 + v0.9.11.10 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v0.9.12-maint + v0.9.12.1 + v0.9.12.2 + v0.9.12.3 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v0.10.2-maint + v0.10.2.1 + v0.10.2.2 + v0.10.2.3 + v0.10.2.4 + v0.10.2.5 + v0.10.2.6 + v0.10.2.7 + v0.10.2.8 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v1.0.5-maint + v1.0.5.1 + 
v1.0.5.2 + v1.0.5.3 + v1.0.5.4 + v1.0.5.5 + v1.0.5.6 + v1.0.5.7 + v1.0.5.8 + v1.0.5.9 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v1.1.3-maint + v1.1.3.1 + v1.1.3.2 + v1.1.3.3 + v1.1.3.4 + v1.1.3.5 + v1.1.3.6 + v1.1.3.7 + v1.1.3.8 + v1.1.3.9 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v1.2.9-maint + v1.2.9.1 + v1.2.9.2 + v1.2.9.3 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v1.2.13-maint + v1.2.13.1 + v1.2.13.2 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v1.2.18-maint + v1.2.18.1 + v1.2.18.2 + v1.2.18.3 + v1.2.18.4 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v1.3.3-maint + v1.3.3.1 + v1.3.3.2 + v1.3.3.3 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v2.2-maint + v2.2.1 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + v3.2-maint + v3.2.1 + 9ae41a71ac457994b7ca975e9eec7c3fc13ac10= 1 + + + + --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 8 02:23:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1520962075896860.2336719045411; Tue, 13 Mar 2018 10:27:55 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4F0F523E6C1; Tue, 13 Mar 2018 17:27:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com 
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 13 Mar 2018 17:27:37 +0000
Message-Id: <20180313172737.24214-5-berrange@redhat.com>
In-Reply-To: <20180313172737.24214-1-berrange@redhat.com>
Subject: [libvirt] [PATCH security-notice 4/4] Add a script for generating a list of vulnerable tags & branches

It is rather tedious making the list of vulnerable tags and branches for the security notice reports. This script takes the changeset of the commit that first introduced the flaw and then outputs an XML snippet listing every tag and branch which contains that vulnerable changeset. This can be copied straight into the security notice, meaning we just have to then fill out details of which changeset and tag fixed the flaw.

Signed-off-by: Daniel P. Berrangé
---
 scripts/report-vulnerable-tags.pl | 108 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 scripts/report-vulnerable-tags.pl

diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl
new file mode 100644
index 0000000..0b6ea6f
--- /dev/null
+++ b/scripts/report-vulnerable-tags.pl
@@ -0,0 +1,108 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use Sort::Versions; + +if (int(@ARGV) !=3D 1) { + die "syntax: $0 CHANGESET\n"; +} + +my $changeset =3D shift @ARGV; + +sub get_tags { + my @args =3D @_; + + my @tags; + open GIT, "-|", "git", "tag", @args or + die "cannot query 'git tags @args': $!\n"; + + while () { + chomp; + + # Drop anything except vN.N.N style tags + # where 'N' is only digits. + if (/^v(\d+)(\.\d+)+$/) { + push @tags, $_; + } + } + + close GIT; + + return @tags; +} + +sub get_branch { + my $tag =3D shift; + + my @branches; + open GIT, "-|", "git", "branch", "--all", "--contains", $tag or + die "cannot query 'git branch --all --contains $tag': $!\n"; + + while () { + chomp; + + if (m,^\s*remotes/origin/(v.*-maint)$,) { + push @branches, $1; + } + } + + close GIT; + + return @branches; +} + +my @branches; +my %tags; +my %branches; + +$branches{"master"} =3D []; +# Most tags live on master so lets get them first +for my $tag (get_tags("--contains", $changeset, "--merged", "master")) { + push @{$branches{"master"}}, $tag; + $tags{$tag} =3D 1; +} +push @branches, "master"; + +# Now we need slower work to find branches for +# few remaining tags +for my $tag (get_tags("--contains", $changeset)) { + + next if exists $tags{$tag}; + + my @tagbranches =3D get_branch($tag); + if (int(@tagbranches) =3D=3D 0) { + if ($tag eq "v2.1.0") { + @tagbranches =3D ("master") + } else { + print "Tag $tag doesn't appear in any branch\n"; + next; + } + } + + if (int(@tagbranches) > 1) { + print "Tag $tag appears in multiple branches\n"; + } + + unless (exists($branches{$tagbranches[0]})) { + $branches{$tagbranches[0]} =3D []; + push @branches, $tagbranches[0]; + } + push @{$branches{$tagbranches[0]}}, $tag; +} + + +foreach my $branch (sort versioncmp @branches) { + print " \n"; + print " $branch\n"; + foreach my $tag (sort versioncmp @{$branches{$branch}}) { + print " $tag\n"; + } + print " $changeset\n"; + + if ($branch eq "master") { + print " \n"; 
+ } + print " \n"; +} --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
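Review bot: In get_tags and get_branch the pipe is closed with a bare 'close GIT;', so a non-zero exit from git (a mistyped or unknown CHANGESET, or running outside the libvirt checkout) is indistinguishable from "no tags contain this changeset", and the script then still prints a master block with no tags in it. Since the output is meant to be pasted straight into a security notice, that failure should be fatal: check the return value of close (and $?) and die naming the git command that failed. In the same vein, the "Tag $tag doesn't appear in any branch" and "Tag $tag appears in multiple branches" messages go to stdout and end up interleaved with the XML snippet; print them to STDERR instead. The '$tag eq "v2.1.0"' special case also needs a comment explaining why that one tag has to be forced onto master.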