Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 424165 (CVE-2012-2693) - <app-emulation/libvirt-0.9.12: possible data leak (CVE-2012-2693)
Summary: <app-emulation/libvirt-0.9.12: possible data leak (CVE-2012-2693)
Alias: CVE-2012-2693
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: C4 [noglsa]
Depends on:
Reported: 2012-06-29 21:07 UTC by GLSAMaker/CVETool Bot
Modified: 2012-07-19 20:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-06-29 21:07:21 UTC
CVE-2012-2693 (
  libvirt, possibly before 0.9.12, does not properly assign USB devices to
  virtual machines when multiple devices have the same vendor and product ID,
  which might cause the wrong device to be associated with a guest and might
  allow local users to access unintended USB devices.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2012-06-30 01:32:59 UTC
I've added the original RedHat bugzilla entry where I believe we discussed this originally. Unfortunately its locked so I can't confirm.
Comment 2 Doug Goldstein (RETIRED) gentoo-dev 2012-06-30 01:37:37 UTC
Just looking at the patches I believe fix this, it appears they are in and 0.9.12.
Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2012-06-30 01:47:23 UTC
FWIW, 0.9.12 and are both in the tree and can be stabilized.
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-07-11 20:13:30 UTC
Thanks, Doug.

Arches, please test and mark stable:


Target KEYWORDS: "amd64 x86"
Comment 5 Agostino Sarubbo gentoo-dev 2012-07-15 11:36:45 UTC
amd64 stable
Comment 6 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-07-18 05:18:22 UTC
x86 stable
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2012-07-19 20:48:27 UTC
Thanks, everyone.

Closing noglsa for C4 rating.