Bug 373991 (CVE-2011-2511) - <app-emulation/libvirt-0.9.3-r1: Integer overflow denial of service vulnerability (CVE-2011-2511)
Status: RESOLVED FIXED
Alias: CVE-2011-2511
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Duplicates: 373709
Depends on: 379807 379853
Reported: 2011-07-04 05:46 UTC by Tim Sammut (RETIRED)
Modified: 2012-02-27 22:32 UTC

Description Tim Sammut (RETIRED) gentoo-dev 2011-07-04 05:46:47 UTC
From the Red Hat bug at $URL:

It has been found that calling VirDomainGetVcpus with bogus parameters can lead
to integer overflow and subsequent heap corruption. A remote attacker could use
this flaw to crash libvirtd (DoS).

Upstream patch:
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2011-07-19 19:56:55 UTC
*** Bug 373709 has been marked as a duplicate of this bug. ***
Comment 2 Doug Goldstein (RETIRED) gentoo-dev 2011-07-19 20:08:31 UTC
0.9.3 is in the tree that has this fix.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-08-18 23:32:47 UTC
(In reply to comment #2)
> 0.9.3 is in the tree that has this fix.

Great, thanks. Going with 0.9.3-r1 since 0.9.3 has been removed.

Arches, please test and mark stable:
=app-emulation/libvirt-0.9.3-r1
Target keywords : "amd64 x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-08-19 13:11:36 UTC
Please fix a minor issue at bug 379853. It is a regression for me.
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-08-19 18:48:46 UTC
amd64:

yes; requires =sys-process/numactl-2.0.7 for use =numa.  Otherwise emerge ok
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2011-08-19 19:54:14 UTC
amd64 done. Thanks Agostino and Ian
Comment 7 Thomas Kahle (RETIRED) gentoo-dev 2011-08-26 09:40:22 UTC
x86 stable. Thanks
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-08-26 14:06:24 UTC
Thanks, folks. GLSA Vote: Yes.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:37:49 UTC
CVE-2011-2511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2511):
  Integer overflow in libvirt before 0.9.3 allows remote authenticated users
  to cause a denial of service (libvirtd crash) and possibly execute arbitrary
  code via a crafted VirDomainGetVcpus RPC call that triggers memory
  corruption.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:22:07 UTC
Vote: YES. Added to pending GLSA request.
Comment 11 Doug Goldstein (RETIRED) gentoo-dev 2012-02-09 19:26:23 UTC
Affected versions are no longer in tree.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-02-27 22:32:56 UTC
This issue was resolved and addressed in
 GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml
by GLSA coordinator Stefan Behte (craig).