| Summary: | <app-emulation/libvirt-1.0.5.1-r3 : DoS (max count of open files exhaustion) due sockets leak in the storage pool (CVE-2013-1962) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | cardoe, virtualization |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=953107 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 472724 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-05-16 18:19:23 UTC
This has been fixed in the tree. Use libvirt-1.0.5.1-r2.

TARGET_KEYWORDS=amd64 x86

(In reply to Doug Goldstein from comment #1)
> This has been fixed in the tree. Use libvirt-1.0.5.1-r2.
>
> TARGET_KEYWORDS=amd64 x86

Please stabilize 1.0.5.1-r3. Any version 1.0.5 or newer will satisfy this CVE.

amd64 stable

x86 stable

CVE-2013-1962 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1962):
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."

This issue was resolved and addressed in GLSA 201309-18 at http://security.gentoo.org/glsa/glsa-201309-18.xml by GLSA coordinator Chris Reffett (creffett).