Libvirt Security Notice: LSN-2016-0002
======================================

Summary: Access to virDomainGetTime mistakenly allowed on read-only connection
Reported on: 20160111
Published on: 20160111
Fixed on: 20160111
Reported by: Michal Privoznik
Patched by: Michal Privoznik
See also: CVE-2016-10746

Description
-----------

The virDomainGetTime API will talk to a guest agent on some
hypervisors like QEMU, and so must be forbidden on read-only
connections to libvirt.

Impact
------

An unprivileged user on the virtualization host can invoke the
virDomainGetTime API, which talks to the QEMU guest agent. If this
user also has administrative privileges in the guest, they can use a
malicious guest agent to inflict a denial of service on libvirt,
potentially blocking further API calls on that guest for a period of
time.

Workaround
----------

Disable the QEMU agent in any VMs whose admin is not trustworthy.
Alternatively, reconfigure the host access control to block use of
the read-only libvirtd socket.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v1.2.5
Broken in: v1.2.6
Broken in: v1.2.7
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Broken in: v1.2.11
Broken in: v1.2.12
Broken in: v1.2.13
Broken in: v1.2.14
Broken in: v1.2.15
Broken in: v1.2.16
Broken in: v1.2.17
Broken in: v1.2.18
Broken in: v1.2.19
Broken in: v1.2.20
Broken in: v1.2.21
Broken in: v1.3.0
Fixed in: v1.3.1
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Fixed by: 506e9d6c2d4baaf580d489fff0690c0ff2ff588f

Branch: v1.2.5-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.6-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.7-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.8-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken in: v1.2.9.2
Broken in: v1.2.9.3
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.10-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.11-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.12-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.13-maint
Broken in: v1.2.13.1
Broken in: v1.2.13.2
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.14-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.15-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.16-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.17-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.18-maint
Broken in: v1.2.18.1
Broken in: v1.2.18.2
Broken in: v1.2.18.3
Broken in: v1.2.18.4
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.19-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.20-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.2.21-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287

Branch: v1.3.0-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
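
To apply the workaround above, a host administrator needs to know which guests have the QEMU agent configured. The following triage helper is an added example, not part of the original notice or of libvirt's own code. It assumes upstream version strings (distribution backports are not detected) and domain XML as produced by `virsh dumpxml`; the function names and sample guests are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Version bounds taken from the notice: "Broken in: v1.2.5" ... "Fixed in: v1.3.1".
FIRST_BROKEN = (1, 2, 5)
FIRST_FIXED = (1, 3, 1)
# Channel target name libvirt uses for the QEMU guest agent.
AGENT_CHANNEL = "org.qemu.guest_agent.0"

# Constructed sample domain XML (not taken from a real host).
SAMPLE_DOMAINS = {
    "guest-a": "<domain type='kvm'><name>guest-a</name><devices>"
               "<channel type='unix'>"
               "<target type='virtio' name='org.qemu.guest_agent.0'/>"
               "</channel></devices></domain>",
    "guest-b": "<domain type='kvm'><name>guest-b</name><devices>"
               "<channel type='spicevmc'>"
               "<target type='virtio' name='com.redhat.spice.0'/>"
               "</channel></devices></domain>",
}


def parse_version(text):
    """Turn 'v1.2.9.3' or '1.3.0' into a tuple of ints."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)+)", text.strip())
    if match is None:
        raise ValueError(f"unrecognised libvirt version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def version_affected(text):
    """True if the upstream version falls in the range the notice lists."""
    return FIRST_BROKEN <= parse_version(text) < FIRST_FIXED


def has_guest_agent(domain_xml):
    """True if the domain defines a channel for the QEMU guest agent."""
    root = ET.fromstring(domain_xml)
    targets = root.findall("./devices/channel/target")
    return any(t.get("name") == AGENT_CHANNEL for t in targets)


def domains_needing_workaround(libvirt_version, domains):
    """Names of domains to review: affected libvirt and agent channel present."""
    if not version_affected(libvirt_version):
        return []
    return sorted(name for name, xml in domains.items() if has_guest_agent(xml))
```

The returned list only identifies guests with an agent channel; whether a given guest's administrator is trustworthy remains a judgement for the host operator.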