diff -Nru libvirt-1.3.1/debian/changelog libvirt-1.3.1/debian/changelog
--- libvirt-1.3.1/debian/changelog 2018-05-23 17:29:29.000000000 +0000
+++ libvirt-1.3.1/debian/changelog 2019-03-13 12:10:12.000000000 +0000
@@ -1,3 +1,12 @@
+libvirt (1.3.1-1ubuntu10.25) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
+ - debian/patches/CVE-2019-3840.patch: require a reply in
+ src/qemu/qemu_agent.c.
+ - CVE-2019-3840
+
+ -- Marc Deslauriers Wed, 13 Mar 2019 08:10:12 -0400
+
 libvirt (1.3.1-1ubuntu10.24) xenial-security; urgency=medium

 * SECURITY UPDATE: QEMU monitor DoS
diff -Nru libvirt-1.3.1/debian/patches/CVE-2019-3840.patch libvirt-1.3.1/debian/patches/CVE-2019-3840.patch
--- libvirt-1.3.1/debian/patches/CVE-2019-3840.patch 1970-01-01 00:00:00.000000000 +0000
+++ libvirt-1.3.1/debian/patches/CVE-2019-3840.patch 2019-03-13 12:10:08.000000000 +0000
@@ -0,0 +1,41 @@
+Backport of:
+
+From 7cfd1fbb1332ae5df678b9f41a62156cb2e88c73 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?J=C3=A1n=20Tomko?=
+Date: Fri, 4 Jan 2019 10:17:46 +0100
+Subject: [PATCH] qemu: require reply from guest agent in qemuAgentGetInterfaces
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Since its introduction in commit 0977b8aa071 (released in v1.2.14)
+qemuAgentGetInterfaces calls qemuAgentCommand with needReply=false,
+which allows qemuAgentCommand to return 0 even when it did not get
+any reply from the agent.
+
+Set needReply to true, since we dereference it right after.
+
+This can be hit if libvirt is waiting for an event from the agent
+(e.g. shutdown) and the agent cannot reply in time (e.g. due to
+the guest being shut down), as reported in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1663051
+
+Signed-off-by: Ján Tomko
+Reviewed-by: Jiri Denemark
+---
+ src/qemu/qemu_agent.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+Index: libvirt-1.3.1/src/qemu/qemu_agent.c
+===================================================================
+--- libvirt-1.3.1.orig/src/qemu/qemu_agent.c 2019-03-13 08:10:06.540383449 -0400
++++ libvirt-1.3.1/src/qemu/qemu_agent.c 2019-03-13 08:10:06.536383432 -0400
+@@ -1990,7 +1990,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
+ if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
+ goto cleanup;
+
+- if (qemuAgentCommand(mon, cmd, &reply, false, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
++ if (qemuAgentCommand(mon, cmd, &reply, true, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
+ qemuAgentCheckError(cmd, reply) < 0) {
+ goto cleanup;
+ }
diff -Nru libvirt-1.3.1/debian/patches/series libvirt-1.3.1/debian/patches/series
--- libvirt-1.3.1/debian/patches/series 2018-05-23 17:25:36.000000000 +0000
+++ libvirt-1.3.1/debian/patches/series 2019-03-13 12:10:05.000000000 +0000
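Review bot: The `true` passed as the fourth argument of `qemuAgentCommand` in qemuAgentGetInterfaces is the only thing that keeps a silent guest agent from reaching the NULL `reply` dereference described in the commit message, yet nothing at the call site says so. I would add a comment above the call such as `/* needReply must be true: reply is dereferenced below, so a guest that never answers has to fail here */` so a later refactor does not flip it back. The dereference and the rest of the function lie outside this hunk, so the fix relies on qemuAgentCommand never returning 0 with a NULL reply when needReply is set; that contract is presumably upheld in the 1.3.1 tree but is not visible here and is worth confirming for the backport. Because whether the agent replies depends on the guest, the other qemuAgentCommand callers in src/qemu/qemu_agent.c that pass `false` deserve the same check for a reply being read afterwards.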
@@ -107,3 +107,4 @@
 CVE-2018-1064.patch
 CVE-2018-3639-1.patch
 CVE-2018-3639-2.patch
+CVE-2019-3840.patch