Description
ELSA-2022-0886: virt:ol and virt-devel:rhel security update (MODERATE)
qemu-kvm [4.2.0-59.el8_5.2]
- kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2048627]
- Resolves: bz#2048627 (CVE-2022-0358 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-8.5.0.z])
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module virt:ol is enabled
hivex
1.3.18-21.module+el8.5.0+20363+3abb8f5b
hivex-devel
1.3.18-21.module+el8.5.0+20363+3abb8f5b
libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-bash-completion
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-benchmarking
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-gfs2
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-gobject
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-gobject-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-inspect-icons
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-java
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-java-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-javadoc
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-man-pages-ja
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-man-pages-uk
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-rescue
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-rsync
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-tools
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-tools-c
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-winsupport
8.2-1.module+el8.3.0+7860+a7792d29
libguestfs-xfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libiscsi
1.18.0-8.module+el8.3.0+7860+a7792d29
libiscsi-devel
1.18.0-8.module+el8.3.0+7860+a7792d29
libiscsi-utils
1.18.0-8.module+el8.3.0+7860+a7792d29
libnbd
1.2.2-1.module+el8.3.0+7860+a7792d29
libnbd-devel
1.2.2-1.module+el8.3.0+7860+a7792d29
libvirt
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-admin
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-bash-completion
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-client
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-config-network
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-config-nwfilter
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-interface
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-network
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-nodedev
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-nwfilter
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-qemu
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-secret
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-core
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-disk
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-gluster
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-iscsi
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-iscsi-direct
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-logical
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-mpath
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-rbd
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-scsi
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-kvm
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-dbus
1.3.0-2.module+el8.3.0+7860+a7792d29
libvirt-devel
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-docs
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-libs
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-lock-sanlock
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-nss
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
lua-guestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
nbdfuse
1.2.2-1.module+el8.3.0+7860+a7792d29
nbdkit
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-bash-completion
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-basic-filters
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-basic-plugins
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-curl-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-devel
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-example-plugins
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-gzip-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-linuxdisk-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-python-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-server
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-ssh-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-xz-filter
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
netcf
0.2.8-12.module+el8.3.0+7860+a7792d29
netcf-devel
0.2.8-12.module+el8.3.0+7860+a7792d29
netcf-libs
0.2.8-12.module+el8.3.0+7860+a7792d29
ocaml-libnbd
1.2.2-1.module+el8.3.0+7860+a7792d29
ocaml-libnbd-devel
1.2.2-1.module+el8.3.0+7860+a7792d29
perl-Sys-Guestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
perl-Sys-Virt
6.0.0-1.module+el8.3.0+7860+a7792d29
perl-hivex
1.3.18-21.module+el8.5.0+20363+3abb8f5b
python3-hivex
1.3.18-21.module+el8.5.0+20363+3abb8f5b
python3-libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
python3-libnbd
1.2.2-1.module+el8.3.0+7860+a7792d29
python3-libvirt
6.0.0-1.module+el8.3.0+7860+a7792d29
qemu-guest-agent
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-img
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-curl
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-iscsi
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-rbd
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-ssh
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-common
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-core
4.2.0-59.module+el8.5.0+20519+ef047602.2
ruby-hivex
1.3.18-21.module+el8.5.0+20363+3abb8f5b
ruby-libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
supermin
5.1.19-10.module+el8.3.0+7860+a7792d29
supermin-devel
5.1.19-10.module+el8.3.0+7860+a7792d29
virt-dib
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
Module virt-devel:ol is enabled
ocaml-hivex
1.3.18-21.module+el8.5.0+20363+3abb8f5b
ocaml-hivex-devel
1.3.18-21.module+el8.5.0+20363+3abb8f5b
ocaml-libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
ocaml-libguestfs-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
qemu-kvm-tests
4.2.0-59.module+el8.5.0+20519+ef047602.2
Oracle Linux x86_64
Module virt:ol is enabled
hivex
1.3.18-21.module+el8.5.0+20365+3abb8f5b
hivex-devel
1.3.18-21.module+el8.5.0+20365+3abb8f5b
libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-bash-completion
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-benchmarking
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-gfs2
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-gobject
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-gobject-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-inspect-icons
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-java
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-java-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-javadoc
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-man-pages-ja
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-man-pages-uk
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-rescue
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-rsync
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-tools
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-tools-c
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libguestfs-winsupport
8.2-1.module+el8.3.0+7860+a7792d29
libguestfs-xfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
libiscsi
1.18.0-8.module+el8.3.0+7860+a7792d29
libiscsi-devel
1.18.0-8.module+el8.3.0+7860+a7792d29
libiscsi-utils
1.18.0-8.module+el8.3.0+7860+a7792d29
libnbd
1.2.2-1.module+el8.3.0+7860+a7792d29
libnbd-devel
1.2.2-1.module+el8.3.0+7860+a7792d29
libvirt
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-admin
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-bash-completion
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-client
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-config-network
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-config-nwfilter
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-interface
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-network
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-nodedev
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-nwfilter
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-qemu
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-secret
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-core
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-disk
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-gluster
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-iscsi
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-iscsi-direct
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-logical
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-mpath
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-rbd
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-driver-storage-scsi
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-daemon-kvm
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-dbus
1.3.0-2.module+el8.3.0+7860+a7792d29
libvirt-devel
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-docs
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-libs
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-lock-sanlock
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
libvirt-nss
6.0.0-37.1.0.1.module+el8.5.0+20490+52363fdb
lua-guestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
nbdfuse
1.2.2-1.module+el8.3.0+7860+a7792d29
nbdkit
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-bash-completion
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-basic-filters
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-basic-plugins
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-curl-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-devel
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-example-plugins
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-gzip-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-linuxdisk-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-python-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-server
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-ssh-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-vddk-plugin
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
nbdkit-xz-filter
1.16.2-4.0.1.module+el8.3.0+7860+a7792d29
netcf
0.2.8-12.module+el8.3.0+7860+a7792d29
netcf-devel
0.2.8-12.module+el8.3.0+7860+a7792d29
netcf-libs
0.2.8-12.module+el8.3.0+7860+a7792d29
ocaml-libnbd
1.2.2-1.module+el8.3.0+7860+a7792d29
ocaml-libnbd-devel
1.2.2-1.module+el8.3.0+7860+a7792d29
perl-Sys-Guestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
perl-Sys-Virt
6.0.0-1.module+el8.3.0+7860+a7792d29
perl-hivex
1.3.18-21.module+el8.5.0+20365+3abb8f5b
python3-hivex
1.3.18-21.module+el8.5.0+20365+3abb8f5b
python3-libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
python3-libnbd
1.2.2-1.module+el8.3.0+7860+a7792d29
python3-libvirt
6.0.0-1.module+el8.3.0+7860+a7792d29
qemu-guest-agent
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-img
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-curl
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-gluster
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-iscsi
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-rbd
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-block-ssh
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-common
4.2.0-59.module+el8.5.0+20519+ef047602.2
qemu-kvm-core
4.2.0-59.module+el8.5.0+20519+ef047602.2
ruby-hivex
1.3.18-21.module+el8.5.0+20365+3abb8f5b
ruby-libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
seabios
1.13.0-2.module+el8.3.0+7860+a7792d29
seabios-bin
1.13.0-2.module+el8.3.0+7860+a7792d29
seavgabios-bin
1.13.0-2.module+el8.3.0+7860+a7792d29
sgabios
0.20170427git-3.module+el8.3.0+7860+a7792d29
sgabios-bin
0.20170427git-3.module+el8.3.0+7860+a7792d29
supermin
5.1.19-10.module+el8.3.0+7860+a7792d29
supermin-devel
5.1.19-10.module+el8.3.0+7860+a7792d29
virt-dib
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
virt-v2v
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
Module virt-devel:ol is enabled
ocaml-hivex
1.3.18-21.module+el8.5.0+20365+3abb8f5b
ocaml-hivex-devel
1.3.18-21.module+el8.5.0+20365+3abb8f5b
ocaml-libguestfs
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
ocaml-libguestfs-devel
1.40.2-28.0.1.module+el8.5.0+20363+3abb8f5b
qemu-kvm-tests
4.2.0-59.module+el8.5.0+20519+ef047602.2
Related CVEs
Related vulnerabilities
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
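A host-side audit for the precondition described above, added here as an example and not part of the advisory or of QEMU: it walks a directory exported over virtio-fs, reports SGID directories that users outside the owning group can write to, and lists SGID executables inside them that carry the directory's group. The share path `/srv/virtiofs-share` is an assumed placeholder, and only the plain "other-writable" mode bit is checked, so write access granted through POSIX ACLs is not detected.

```python
import os
import stat
import sys


def is_exposed_sgid_dir(mode):
    """SGID directory that users outside the owning group can write to."""
    return (stat.S_ISDIR(mode)
            and bool(mode & stat.S_ISGID)
            and bool(mode & stat.S_IWOTH))


def is_sgid_executable(mode):
    """Regular file carrying both the SGID bit and group-execute."""
    return (stat.S_ISREG(mode)
            and bool(mode & stat.S_ISGID)
            and bool(mode & stat.S_IXGRP))


def audit_share(root):
    """Walk a shared tree; return (exposed_dirs, suspect_files)."""
    exposed, suspects = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        try:
            dst = os.lstat(dirpath)
        except OSError:
            continue  # directory vanished or is unreadable; skip it
        if not is_exposed_sgid_dir(dst.st_mode):
            continue
        exposed.append(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                fst = os.lstat(path)
            except OSError:
                continue
            # File took the directory's group and is an SGID executable.
            if fst.st_gid == dst.st_gid and is_sgid_executable(fst.st_mode):
                suspects.append(path)
    return exposed, suspects


if __name__ == "__main__":
    # Assumed placeholder path; pass the real virtio-fs source directory.
    share = sys.argv[1] if len(sys.argv) > 1 else "/srv/virtiofs-share"
    dirs, files = audit_share(share)
    for d in dirs:
        print("SGID + other-writable directory:", d)
    for f in files:
        print("SGID executable with directory's group:", f)
    sys.exit(1 if dirs or files else 0)
```

A non-zero exit status means at least one directory or file matched, which makes the script usable from a cron job or configuration-management check.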