| Reported on: | 20140103 |
|---|---|
| Published on: | 20140115 |
| Fixed on: | 20140115 |
| Reported by: | Eric Blake |
|---|---|
| Patched by: | Eric Blake |
The asynchronous events were not filtered based on any permission check prior to being dispatched to the client. This could lead to the client learning about the existence of domains that they are not authorized to see.
A client can use events to learn of domains that they are not authorized to see. Additionally, the client can use that object to attempt other actions on the domain, such as starting or stopping it.
Prevent untrusted clients from connecting to libvirtd
| Branch | master |
|---|---|
| Broken in: | v1.1.0 |
| Broken in: | v1.1.1 |
| Broken in: | v1.1.2 |
| Broken in: | v1.1.3 |
| Broken in: | v1.1.4 |
| Broken in: | v1.2.0 |
| Fixed in: | v1.2.1 |
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | f9f56340539d609cdc2e9d4ab812b9f146c3f100 |
| Branch | v1.1.0-maint |
|---|---|
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | cdf29d950c247d06aaa69778238d7cc164c05291 |
| Branch | v1.1.1-maint |
|---|---|
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | 1d0e4fbf9572ad34045a4f9d87601297a5244c38 |
| Branch | v1.1.2-maint |
|---|---|
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | fb5a3190c6409897744a244c6e0d5e2d52d34b39 |
| Branch | v1.1.3-maint |
|---|---|
| Broken in: | v1.1.3.1 |
| Broken in: | v1.1.3.2 |
| Fixed in: | v1.1.3.3 |
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | 51afa9a255d7a073373ad4533eff58bd819890e8 |
| Branch | v1.1.4-maint |
|---|---|
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | 7ccc13599652722d6aa000b61270c0786d610b9e |
| Branch | v1.2.0-maint |
|---|---|
| Broken by: | ed3bac713c3cfc055ef551cbfe92a061084382c3 |
| Fixed by: | eb7ec2312ba968c745031c7432b4fd007cd52d3a |