Summary: | <app-emulation/libvirt-{1.2.10-r3,1.2.11-r2}: two DoS (CVE-2014-{8135,8136}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cardoe, tamiko, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-12-22 13:39:26 UTC
Agostino, you're fast :-) The official announcement on the libvir mailing list came just now and this bug is already open for more than 24h. (I've read the bug tracker mail yesterday but totally forgot about it...) *libvirt-1.2.10-r3 (23 Dec 2014) 23 Dec 2014; Matthias Maier <tamiko@gentoo.org> +libvirt-1.2.10-r3.ebuild, -files/libvirt-1.2.9-cve-2014-7823.patch: maintain upstream libvirt patches in own github repository; apply patches for CVE-2014-8135, CVE-2014-8136 This is fixed in: 1.2.10-r3, 1.2.11-r2 Vulnerable version in tree: 1.2.10-r2 Arches, please stabilize libvirt-1.2.10-r3, best along with dev-python/libvirt-python-1.2.10, bug #532438 :-) Target keywords: amd64 x86 amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes CVE-2014-8135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8135): The storageVolUpload function in storage/storage_driver.c in libvirt does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. GLSA Vote: Yes Created new request 24 Dec 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.10-r2.ebuild: drop vulnerable, bug #533286, CVE-2014-8135, CVE-2014-8136 CVE-2014-8136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8136): The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. This issue was resolved and addressed in GLSA 201412-36 at http://security.gentoo.org/glsa/glsa-201412-36.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |