| Summary: | <app-emulation/libvirt-{1.2.1,1.1.3.3}: Multiple Vulnerabilities (CVE-2013-6458,CVE-2014-{0028,1447}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | borovoy.anton, cardoe, virtualization |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1052957 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
This and a few other CVEs have been fixed in tree and awaiting stabilization. Off the top of my head its: CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-1447 The following versions would solve all the outstanding CVEs: =app-emulation/libvirt-1.1.3.3 =app-emulation/libvirt-1.2.1 =dev-python/libvirt-python-1.2.1 x86 is actually vulnerable to a few more because we're still waiting on them for the last security bug. The following CVE's were fixed in Previous Security Bugs. CVE-2013-6436 - Bug 496204 CVE-2013-6457 - Bug 496204 Current CVE's Are: CVE-2013-6458 http://libvirt.org/git/?p=libvirt.git;a=commit;h=a7844b9ec2718dad9f5e5316cc0673e95098d812 https://bugzilla.redhat.com/show_bug.cgi?id=1048631 CVE-2014-0028 http://libvirt.org/git/?p=libvirt.git;a=commit;h=51afa9a255d7a073373ad4533eff58bd819890e8 https://bugzilla.redhat.com/show_bug.cgi?id=1048637 CVE-2014-1447 Maintainers, let us know if you are table to Stabilize the versions mentioned. x86 stable amd64 stable. Maintainer(s), please cleanup. Security, please vote. (app-emulation/libvirt-1.2.1::gentoo, ebuild scheduled for merge) conflicts with
>=app-emulation/libvirt-0.7.0[python] required by (app-emulation/virtinst-0.600.4::gentoo, installed)
CVE-2014-1447 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1447): Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. CVE-2014-0028 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0028): libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. CVE-2013-6458 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6458): Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. Maintainer(s), Thank you for cleanup! Added to existing GLSA request This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : A race condition was found in the way libvirtd handled keepalive initialization requests when the connection is closed prior to establishing connection credentials. A remote attacker could use this flaw to crash libvirtd (DoS). Upstream patches: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c291 http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.