From the Red Hat bug at $URL:
It has been found that calling VirDomainGetVcpus with bogus parameters can lead
to integer overflow and subsequent heap corruption. A remote attacker could use
this flaw to crash libvirtd (DoS).
*** Bug 373709 has been marked as a duplicate of this bug. ***
0.9.3 is in the tree that has this fix.
(In reply to comment #2)
> 0.9.3 is in the tree that has this fix.
Great, thanks. Going with 0.9.3-r1 since 0.9.3 has been removed.
Arches, please test and mark stable:
Target keywords : "amd64 x86"
Please fix a minor issue at bug 379853. Is a regression for me.
yes; requires =sys-process/numactl-2.0.7 for use =numa. Otherwise emerge ok
amd64 done. Thanks Agostino and Ian
x86 stable. Thanks
Thanks, folks. GLSA Vote: Yes.
Integer overflow in libvirt before 0.9.3 allows remote authenticated users
to cause a denial of service (libvirtd crash) and possibly execute arbitrary
code via a crafted VirDomainGetVcpus RPC call that triggers memory
Vote: YES. Added to pending GLSA request.
Affected versions are no longer in tree.
This issue was resolved and addressed in
GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml
by GLSA coordinator Stefan Behte (craig).