Summary: | <app-emulation/libvirt-0.9.3-r1: Integer overflow denial of service vulnerability (CVE-2011-2511) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cardoe, craig, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=717199 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 379807, 379853 | ||
Bug Blocks: | | ||
Description
Tim Sammut (RETIRED)
2011-07-04 05:46:47 UTC
*** Bug 373709 has been marked as a duplicate of this bug. ***

0.9.3 is in the tree that has this fix.

(In reply to comment #2)
> 0.9.3 is in the tree that has this fix.

Great, thanks. Going with 0.9.3-r1 since 0.9.3 has been removed.

Arches, please test and mark stable:
=app-emulation/libvirt-0.9.3-r1
Target keywords : "amd64 x86"

Please fix a minor issue at bug 379853. Is a regression for me.

amd64: yes; requires =sys-process/numactl-2.0.7 for use =numa. Otherwise emerge ok

amd64 done. Thanks Agostino and Ian

x86 stable. Thanks

Thanks, folks. GLSA Vote: Yes.

CVE-2011-2511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2511): Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

Vote: YES. Added to pending GLSA request.

Affected versions are no longer in tree.

This issue was resolved and addressed in GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml by GLSA coordinator Stefan Behte (craig).