Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 480796 (CVE-2013-4239)

Summary: <app-emulation/libvirt-1.1.1-r1: memory corruption in xenDaemonListDefinedDomains function (CVE-2013-4239)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: cardoe, virtualization
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=996241
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-08-12 22:09:50 UTC 
From ${URL} :

Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains() by starting to populate the names array at index -1, causing all sorts of havoc in libvirtd 
such as aborts like the following

*** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 ***

The xenDaemonListDefinedDomains() function is reached by the virConnectListDefinedDomains() public API, which can be used on read-only connections.

Introduced in:
libvirt v1.1.1

Introduced by:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1

Fixed by:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2013-08-12 23:05:04 UTC 
This was fixed in 1.1.1-r1, which is the current stable version for amd64. x86 is still at 1.0.5.4, so they're totally unaffected. There is no affected version in the tree.
Comment 2 Doug Goldstein (RETIRED) gentoo-dev 2013-08-17 18:03:25 UTC 
The affected versions that you set are wrong. It only ever affected =app-emulation/libvirt-1.1.1, it never affected any other version. =app-emulation/libvirt-1.1.1 never went stable on any platform either.
Comment 3 Agostino Sarubbo gentoo-dev 2013-09-02 06:06:03 UTC 
(In reply to Doug Goldstein from comment #2)
> The affected versions that you set are wrong. It only ever affected
> =app-emulation/libvirt-1.1.1, it never affected any other version.
> =app-emulation/libvirt-1.1.1 never went stable on any platform either.

Is right but this is the way
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2013-09-02 10:10:53 UTC 
(In reply to Doug Goldstein from comment #2)
> The affected versions that you set are wrong. It only ever affected
> =app-emulation/libvirt-1.1.1, it never affected any other version.
> =app-emulation/libvirt-1.1.1 never went stable on any platform either.

Thanks, Doug.

Closing noglsa.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 23:24:03 UTC 
CVE-2013-4239 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4239):
  The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt
  1.1.1 allows remote authenticated users to cause a denial of service (memory
  corruption and crash) via vectors involving the virConnectListDefinedDomains
  API function.