| Reported on: | 20180127 |
|---|---|
| Published on: | 20180207 |
| Fixed on: | 20180207 |
| Reported by: | Lubomir Rintel |
|---|---|
| Patched by: | Lubomir Rintel |
| Daniel P. Berrangé |
During container startup it is possible that libvirt logging code will trigger a hostname lookup. This will in turn potentially cause GLibC to load various NSS modules from the container's root filesystem rather than the host's root filesystem. During this time the host's root filesystem is still accessible and fully writable
A maliciously crafted NSS module in the container's root filesystem can exploit the host OS by writing content into the host's root filesystem
There is no practical workaround
| Branch | master |
|---|---|
| Broken in: | v0.4.4 |
| Broken in: | v0.4.6 |
| Broken in: | v0.5.0 |
| Broken in: | v0.5.1 |
| Broken in: | v0.6.0 |
| Broken in: | v0.6.1 |
| Broken in: | v0.6.2 |
| Broken in: | v0.6.3 |
| Broken in: | v0.6.4 |
| Broken in: | v0.6.5 |
| Broken in: | v0.7.0 |
| Broken in: | v0.7.1 |
| Broken in: | v0.7.2 |
| Broken in: | v0.7.3 |
| Broken in: | v0.7.4 |
| Broken in: | v0.7.5 |
| Broken in: | v0.7.6 |
| Broken in: | v0.7.7 |
| Broken in: | v0.8.0 |
| Broken in: | v0.8.1 |
| Broken in: | v0.8.2 |
| Broken in: | v0.8.3 |
| Broken in: | v0.8.4 |
| Broken in: | v0.8.5 |
| Broken in: | v0.8.6 |
| Broken in: | v0.8.7 |
| Broken in: | v0.8.8 |
| Broken in: | v0.9.0 |
| Broken in: | v0.9.1 |
| Broken in: | v0.9.2 |
| Broken in: | v0.9.3 |
| Broken in: | v0.9.4 |
| Broken in: | v0.9.5 |
| Broken in: | v0.9.6 |
| Broken in: | v0.9.7 |
| Broken in: | v0.9.8 |
| Broken in: | v0.9.9 |
| Broken in: | v0.9.10 |
| Broken in: | v0.9.11 |
| Broken in: | v0.9.12 |
| Broken in: | v0.9.13 |
| Broken in: | v0.10.0 |
| Broken in: | v0.10.1 |
| Broken in: | v0.10.2 |
| Broken in: | v1.0.0 |
| Broken in: | v1.0.1 |
| Broken in: | v1.0.2 |
| Broken in: | v1.0.3 |
| Broken in: | v1.0.4 |
| Broken in: | v1.0.5 |
| Broken in: | v1.0.6 |
| Broken in: | v1.1.0 |
| Broken in: | v1.1.1 |
| Broken in: | v1.1.2 |
| Broken in: | v1.1.3 |
| Broken in: | v1.1.4 |
| Broken in: | v1.2.0 |
| Broken in: | v1.2.1 |
| Broken in: | v1.2.2 |
| Broken in: | v1.2.3 |
| Broken in: | v1.2.4 |
| Broken in: | v1.2.5 |
| Broken in: | v1.2.6 |
| Broken in: | v1.2.7 |
| Broken in: | v1.2.8 |
| Broken in: | v1.2.9 |
| Broken in: | v1.2.10 |
| Broken in: | v1.2.11 |
| Broken in: | v1.2.12 |
| Broken in: | v1.2.13 |
| Broken in: | v1.2.14 |
| Broken in: | v1.2.15 |
| Broken in: | v1.2.16 |
| Broken in: | v1.2.17 |
| Broken in: | v1.2.18 |
| Broken in: | v1.2.19 |
| Broken in: | v1.2.20 |
| Broken in: | v1.2.21 |
| Broken in: | v1.3.0 |
| Broken in: | v1.3.1 |
| Broken in: | v1.3.2 |
| Broken in: | v1.3.3 |
| Broken in: | v1.3.4 |
| Broken in: | v1.3.5 |
| Broken in: | v2.0.0 |
| Broken in: | v2.1.0 |
| Broken in: | v2.2.0 |
| Broken in: | v2.3.0 |
| Broken in: | v2.4.0 |
| Broken in: | v2.5.0 |
| Broken in: | v3.0.0 |
| Broken in: | v3.1.0 |
| Broken in: | v3.2.0 |
| Broken in: | v3.3.0 |
| Broken in: | v3.4.0 |
| Broken in: | v3.5.0 |
| Broken in: | v3.6.0 |
| Broken in: | v3.7.0 |
| Broken in: | v3.8.0 |
| Broken in: | v3.9.0 |
| Broken in: | v3.10.0 |
| Broken in: | v4.0.0 |
| Fixed in: | v4.1.0 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Fixed by: | 759b4d1b0fe5f4d84d98b99153dfa7ac289dd167 |
| Fixed by: | c2dc6698c88fb591639e542c8ecb0076c54f3dfb |
| Branch | v0.8.3-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v0.9.6-maint |
|---|---|
| Broken in: | v0.9.6.1 |
| Broken in: | v0.9.6.2 |
| Broken in: | v0.9.6.3 |
| Broken in: | v0.9.6.4 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v0.9.11-maint |
|---|---|
| Broken in: | v0.9.11.1 |
| Broken in: | v0.9.11.2 |
| Broken in: | v0.9.11.3 |
| Broken in: | v0.9.11.4 |
| Broken in: | v0.9.11.5 |
| Broken in: | v0.9.11.6 |
| Broken in: | v0.9.11.7 |
| Broken in: | v0.9.11.8 |
| Broken in: | v0.9.11.9 |
| Broken in: | v0.9.11.10 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v0.9.12-maint |
|---|---|
| Broken in: | v0.9.12.1 |
| Broken in: | v0.9.12.2 |
| Broken in: | v0.9.12.3 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v0.10.2-maint |
|---|---|
| Broken in: | v0.10.2.1 |
| Broken in: | v0.10.2.2 |
| Broken in: | v0.10.2.3 |
| Broken in: | v0.10.2.4 |
| Broken in: | v0.10.2.5 |
| Broken in: | v0.10.2.6 |
| Broken in: | v0.10.2.7 |
| Broken in: | v0.10.2.8 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.0-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.1-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.2-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.3-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.4-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.5-maint |
|---|---|
| Broken in: | v1.0.5.1 |
| Broken in: | v1.0.5.2 |
| Broken in: | v1.0.5.3 |
| Broken in: | v1.0.5.4 |
| Broken in: | v1.0.5.5 |
| Broken in: | v1.0.5.6 |
| Broken in: | v1.0.5.7 |
| Broken in: | v1.0.5.8 |
| Broken in: | v1.0.5.9 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.0.6-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.1.0-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.1.1-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.1.2-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.1.3-maint |
|---|---|
| Broken in: | v1.1.3.1 |
| Broken in: | v1.1.3.2 |
| Broken in: | v1.1.3.3 |
| Broken in: | v1.1.3.4 |
| Broken in: | v1.1.3.5 |
| Broken in: | v1.1.3.6 |
| Broken in: | v1.1.3.7 |
| Broken in: | v1.1.3.8 |
| Broken in: | v1.1.3.9 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.1.4-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.0-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.1-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.2-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.3-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.4-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.5-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.6-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.7-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.8-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.9-maint |
|---|---|
| Broken in: | v1.2.9.1 |
| Broken in: | v1.2.9.2 |
| Broken in: | v1.2.9.3 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.10-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.11-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.12-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.13-maint |
|---|---|
| Broken in: | v1.2.13.1 |
| Broken in: | v1.2.13.2 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.14-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.15-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.16-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.17-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.18-maint |
|---|---|
| Broken in: | v1.2.18.1 |
| Broken in: | v1.2.18.2 |
| Broken in: | v1.2.18.3 |
| Broken in: | v1.2.18.4 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.19-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.20-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.2.21-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.3.0-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.3.1-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.3.2-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.3.3-maint |
|---|---|
| Broken in: | v1.3.3.1 |
| Broken in: | v1.3.3.2 |
| Broken in: | v1.3.3.3 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.3.4-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v1.3.5-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v2.0-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v2.1-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v2.2-maint |
|---|---|
| Broken in: | v2.2.1 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v3.0-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v3.2-maint |
|---|---|
| Broken in: | v3.2.1 |
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Branch | v3.7-maint |
|---|---|
| Broken by: | 9ae41a71ac457994b7ca975e9eec7c3fc13ac101 |
| Fixed by: | 3aadeae9709dae6593b5b26e8953b459c6764a6d |
| Fixed by: | ee54b0bd7faa3e211346b367f64e502af6442e07 |