From the Red Hat bug at $URL: It has been found that calling VirDomainGetVcpus with bogus parameters can lead to integer overflow and subsequent heap corruption. A remote attacker could use this flaw to crash libvirtd (DoS). Upstream patch: https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
*** Bug 373709 has been marked as a duplicate of this bug. ***
0.9.3 is in the tree that has this fix.
(In reply to comment #2)
> 0.9.3 is in the tree that has this fix.
Great, thanks. Going with 0.9.3-r1 since 0.9.3 has been removed.
Arches, please test and mark stable:
=app-emulation/libvirt-0.9.3-r1
Target keywords : "amd64 x86"
Please fix a minor issue at bug 379853. It is a regression for me.
amd64: yes; requires =sys-process/numactl-2.0.7 for use =numa. Otherwise emerge ok
amd64 done. Thanks Agostino and Ian
x86 stable. Thanks
Thanks, folks. GLSA Vote: Yes.
CVE-2011-2511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2511): Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
Vote: YES. Added to pending GLSA request.
Affected versions are no longer in tree.
This issue was resolved and addressed in GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml by GLSA coordinator Stefan Behte (craig).
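
The bug class named in this report, as an added example that is not libvirt's code and not part of the original thread: a size check on the product of the two size arguments of virDomainGetVcpus, `maxinfo` and `maplen`, that wraps in 32 bits, beside an overflow-safe form. That the overflow sits in this product, the cap `CPUMAPS_CAP` and all function names are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap on the total cpumap bytes one request may ask for. */
#define CPUMAPS_CAP 16384u

/* Product as a 32-bit computation sees it. Unsigned math is used so the
 * wrap is well defined in C (signed overflow is undefined behaviour). */
static uint32_t wrapped_total(uint32_t maxinfo, uint32_t maplen)
{
    return maxinfo * maplen;
}

/* Naive check: compares the wrapped product against the cap, so a huge
 * request whose product wraps to a small value is accepted. */
static int naive_request_ok(uint32_t maxinfo, uint32_t maplen)
{
    return wrapped_total(maxinfo, maplen) <= CPUMAPS_CAP;
}

/* Hardened check: reject negative sizes, then compare by division so no
 * multiplication is performed before the bound is known to hold. */
static int checked_request_ok(int maxinfo, int maplen)
{
    if (maxinfo < 0 || maplen < 0)
        return 0;
    if (maxinfo == 0 || maplen == 0)
        return 1;               /* product is zero, nothing to allocate */
    return (uint32_t)maxinfo <= CPUMAPS_CAP / (uint32_t)maplen;
}

int main(void)
{
    /* Constructed sample requests: {maxinfo, maplen}. */
    static const int cases[][2] = {
        {4, 128}, {16384, 1}, {16385, 1}, {65536, 65536}, {-1, 8},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int a = cases[i][0], b = cases[i][1];
        printf("maxinfo=%d maplen=%d wrapped=%u naive=%d checked=%d\n",
               a, b, wrapped_total((uint32_t)a, (uint32_t)b),
               naive_request_ok((uint32_t)a, (uint32_t)b),
               checked_request_ok(a, b));
    }
    return 0;
}
```

A request is safe to size a buffer from only when the checked form accepts it; the rows where `naive` and `checked` disagree are the ones a regression test should pin down.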