Libvirt Security Notice: LSN-2013-0014
        ======================================

       Summary: virt-login-shell fails to secure setuid environment
   Reported on: 20131002
  Published on: 20131021
      Fixed on: 20131021
   Reported by: Sebastian Krahmer <krahmer@suse.de>
    Patched by: Daniel Berrange <berrange@redhat.com>
      See also: CVE-2013-4400

Description
-----------

The virt-login-shell binary is a setuid program to connect to LXC
containers. It fails to sanitize its environment in a number of
places allowing it to be used to elevate privileges of the invoking
user by overwriting files

Impact
------

An unprivileged user can overwrite arbitrary files on the host
leading to an elevation of privileges.

Workaround
----------

Remove the setuid bit from the virt-login-shell binary

Affected product
----------------

        Name: libvirt
  Repository: https://gitlab.com/libvirt/libvirt

      Branch: master
   Broken in: v1.1.2
   Broken in: v1.1.3
    Fixed in: v1.1.4
   Broken by: 54d69f540c9928da98f10202b3f21b7abb00bac1
    Fixed by: 8c3586ea755c40d5e01b22cb7b5c1e668cdec994
    Fixed by: b7fcc799ad5d8f3e55b89b94e599903e3c092467
    Fixed by: 3e2f27e13b94f7302ad948bcacb5e02c859a25fc

      Branch: v1.1.2-maint
   Broken by: 54d69f540c9928da98f10202b3f21b7abb00bac1
    Fixed by: bd047ba666122fd57f6cb39ac5795449d5ff26d2
    Fixed by: 9ab478edaddd00708adc9ff99d5a48e3accecfe5
    Fixed by: 31a3086d735b6291795941972b5d6da335cc6aab

      Branch: v1.1.3-maint
    Fixed in: v1.1.3.1
   Broken by: 54d69f540c9928da98f10202b3f21b7abb00bac1
    Fixed by: d8accf54e310b90bd8794edd2d6d1f7d74bb421d
    Fixed by: 6fc87e07a22587b9f38845ce1a0d6db1c7483fe9
    Fixed by: 062ad8b2beac2316a3b1e304668ea852e70ea506