Summary: | <app-emulation/libvirt-1.0.2-r2: "virNetMessageFree()" Use-After-Free Vulnerability (CVE-2013-0170) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | cardoe, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/52003/ | ||
Whiteboard: | B1 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 458688 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2013-01-29 21:25:17 UTC
The advisory is a bit unfortunate. It affects a lot more versions than just 1.0.1 or 1.x. Perfect example is the fact that RHEL released updates for 0.9.6 and newer for Fedora and RHEL6.

http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 is the fix

New GLSA request filed.

CVE-2013-0170 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0170): Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

This issue was resolved and addressed in GLSA 201309-18 at http://security.gentoo.org/glsa/glsa-201309-18.xml by GLSA coordinator Chris Reffett (creffett).
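The bug class named in the CVE text (a message freed on an error path while the queue still links to it) and the unlink-before-free discipline that prevents it, as an added example that is not libvirt's code or the upstream fix. `struct msg`, `struct queue` and every function name here are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical types for illustration; not libvirt's structures. */
struct msg { struct msg *next; int id; };
struct queue { struct msg *head; };

/* Append m at the tail of q. */
static void queue_push(struct queue *q, struct msg *m) {
    struct msg **pp = &q->head;
    while (*pp) pp = &(*pp)->next;
    m->next = NULL;
    *pp = m;
}

/* Unlink m from q if it is linked; returns 1 if it was found. */
static int queue_unlink(struct queue *q, struct msg *m) {
    for (struct msg **pp = &q->head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; m->next = NULL; return 1; }
    return 0;
}

/* Buggy pattern (described by the CVE text): calling free(m) on an error
 * path while q still links to m. The next queue walk then reads freed
 * memory. The safe release below removes the link first. */
static void msg_release(struct queue *q, struct msg *m) {
    queue_unlink(q, m);   /* no queue pointer may outlive the object */
    free(m);
}

/* Constructed scenario: three queued messages, handling of message 1 fails.
 * Returns the number of messages still queued, or -1 on any inconsistency. */
int demo_error_path(void) {
    struct queue q = { NULL };
    struct msg *m[3];
    for (int i = 0; i < 3; i++) {
        m[i] = calloc(1, sizeof *m[i]);
        if (!m[i]) return -1;
        m[i]->id = i;
        queue_push(&q, m[i]);
    }
    msg_release(&q, m[1]);                 /* error path for message 1 */
    int n = 0, id_sum = 0;
    for (struct msg *cur = q.head; cur; cur = cur->next) { n++; id_sum += cur->id; }
    while (q.head) msg_release(&q, q.head); /* normal teardown */
    return id_sum == 2 ? n : -1;            /* only ids 0 and 2 may remain */
}

int main(void) { return demo_error_path() == 2 ? 0 : 1; }
```
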