| Summary: | <app-emulation/libvirt-1.0.6-r1 : multiple registered event crash (CVE-2013-2230) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | cardoe, nikoli, virtualization |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/07/10/5 | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-07-10 19:20:28 UTC
*** Bug 476094 has been marked as a duplicate of this bug. ***

The fix is already in the tree when the embargo was lifted. The old package is removed and the only vulnerable version was only ever unstable. I used the old bug since my commit was automated with the end of the embargo.

Is it ready to stable?

There is a typo in the ebuild:

 * Cannot find $EPATCH_SOURCE! Value for $EPATCH_SOURCE is:
 *
 * /var/package-manager/portage/app-emulation/libvirt/files/ibvirt-1.1.0-CVE-2013-2230.patch
 * ( ibvirt-1.1.0-CVE-2013-2230.patch )

(In reply to Chris Reffett from comment #3)
> Is it ready to stable?

I don't see a need in stabling it as I said in comment #2. The affected version was only ever unstable, and wasn't ready for stabling in the first place.

(In reply to Doug Goldstein from comment #5)
> (In reply to Chris Reffett from comment #3)
> > Is it ready to stable?
>
> I don't see a need in stabling it as I said in comment #2. The affected
> version was only ever unstable, and wasn't ready for stabling in the first
> place.

Right, it was introduced in 1.0.6, closing as noglsa.

CVE-2013-2230 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2230): The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."