| Summary: | <app-emulation/libvirt-1.1.3 : Callbacks De-registration Handling Denial of Service Vulnerability (CVE-2013-4399) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | cardoe, virtualization |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/55202/ | ||
| Whiteboard: | C3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
1.0.5.6 is not vulnerable to this issue. Its only for 1.1.0 and greater. The bump with this fix is already in the tree as part of 1.1.3. Arches, please test and mark stable: =app-emulation/libvirt-1.1.3 Target keywords : "amd64 x86" amd64 stable x86 stable Added to existing GLSA draft This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Description A vulnerability has been reported in libvirt, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling callbacks deregistration via the "virConnectDomainEventDeregisterAny()" API function and can be exploited to cause a crash. Successful exploitation requires the ACL drivers to be active. Solution: Fixed in the git repository. Provided and/or discovered by: Zhenfang Wang, Red Hat Original Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1011429 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.