File CVE-2019-3886-remote.patch of Package libvirt.16766

commit 9737baf530d80eff19d46a5feb130d3064d47d64
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Wed Apr 3 15:00:50 2019 +0100

    remote: enforce ACL write permission for getting guest time & hostname
    
    Getting the guest time and hostname both require use of guest agent
    commands. These must not be allowed for read-only users, so the
    permissions check must validate "write" permission not "read".
    
    Fixes CVE-2019-3886
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Index: libvirt-4.0.0/src/remote/remote_protocol.x
===================================================================
--- libvirt-4.0.0.orig/src/remote/remote_protocol.x
+++ libvirt-4.0.0/src/remote/remote_protocol.x
@@ -5405,7 +5405,7 @@ enum remote_procedure {
 
     /**
      * @generate: both
-     * @acl: domain:read
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
 
@@ -5800,7 +5800,7 @@ enum remote_procedure {
 
     /**
      * @generate: none
-     * @acl: domain:read
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_GET_TIME = 337,

Places

File CVE-2019-3886-remote.patch of Package libvirt.16766

Places