Summary: | <app-emulation/libvirt-1.1.3: unprivileged user can crash libvirtd during spice migration (CVE-2013-7336) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cardoe, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/03/18/1 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-18 16:56:55 UTC
This was fixed for the 1.1.3 release. The oldest version in the tree is 1.1.3.3 which is unaffected. git describe --match=v* --contains 484cc321 Maintainer(s), Thank you for cleanup! Security please Vote! Added to existing GLSA draft CVE-2013-7336 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7336): The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |