Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 483048 (CVE-2013-4292) - <app-emulation/libvirt-1.1.1-r5 : multiple vulnerabilities (CVE-2013-{4292,5651})
Summary: <app-emulation/libvirt-1.1.1-r5 : multiple vulnerabilities (CVE-2013-{4292,56...
Status: RESOLVED FIXED
Alias: CVE-2013-4292
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-30 19:13 UTC by Doug Goldstein
Modified: 2014-12-08 23:47 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Doug Goldstein gentoo-dev 2013-08-30 19:13:01 UTC
=app-emulation/libvirt-1.1.1-r5

target keywords: amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2013-08-31 10:14:09 UTC
amd64 stable
Comment 2 Rick Farina (Zero_Chaos) gentoo-dev 2013-09-01 21:42:40 UTC
(In reply to Agostino Sarubbo from comment #1)
> amd64 stable

Making all in src
make[2]: Entering directory `/var/tmp/portage/app-emulation/libvirt-1.1.1-r5/work/libvirt-1.1.1/src'
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=server \
  virLXCMonitor VIR_LXC_MONITOR ./lxc/lxc_monitor_protocol.x > lxc/lxc_controller_dispatch.h
/usr/bin/perl -w ./rpc/genprotocol.pl /usr/bin/rpcgen -h \
       remote/remote_protocol.x remote/remote_protocol.h
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=client \
  remote REMOTE ./remote/remote_protocol.x > remote/remote_client_bodies.h
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=aclheader \
  remote REMOTE ./remote/remote_protocol.x > access/viraccessapicheck.h
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=aclbody \
  remote REMOTE ./remote/remote_protocol.x access/viraccessapicheck.h > access/viraccessapicheck.c
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=aclsym \
  remote REMOTE ./remote/remote_protocol.x > libvirt_access.syms
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=aclsym \
  qemu QEMU ./remote/qemu_protocol.x > libvirt_access_qemu.syms
/usr/bin/perl -w ./rpc/gendispatch.pl --mode=aclsym \
  lxc LXC ./remote/lxc_protocol.x > libvirt_access_lxc.syms
/usr/bin/rpcgen: C preprocessor failed with exit code 1
rm -f -- libvirt_qemu.def-tmp libvirt_qemu.def ; \
printf 'EXPORTS\n' > libvirt_qemu.def-tmp && \
sed -e '/^$/d; /#/d; /:/d; /}/d; /\*/d; /LIBVIRT_/d'    \
    -e 's/[      ]*\(.*\)\;/    \1/g' libvirt_qemu.syms >> libvirt_qemu.def-tmp && \
chmod a-w libvirt_qemu.def-tmp && \
mv libvirt_qemu.def-tmp libvirt_qemu.def
cannot shutdown /usr/bin/rpcgen:  at ./rpc/genprotocol.pl line 136.
make[2]: *** [remote/remote_protocol.h] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/var/tmp/portage/app-emulation/libvirt-1.1.1-r5/work/libvirt-1.1.1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/app-emulation/libvirt-1.1.1-r5/work/libvirt-1.1.1'
make: *** [all] Error 2


just me?
Comment 3 Rick Farina (Zero_Chaos) gentoo-dev 2013-09-01 21:56:25 UTC
sorry, read my logs wrong, this failure is on i686...although not sure why.
Comment 4 Rick Farina (Zero_Chaos) gentoo-dev 2013-09-01 21:58:50 UTC
last update, it failed on both for me
Comment 5 Doug Goldstein gentoo-dev 2013-09-02 00:11:46 UTC
(In reply to Rick Farina (Zero_Chaos) from comment #4)
> last update, it failed on both for me

what glibc version?
Comment 6 Rick Farina (Zero_Chaos) gentoo-dev 2013-09-02 02:17:09 UTC
(In reply to Doug Goldstein from comment #5)
> (In reply to Rick Farina (Zero_Chaos) from comment #4)
> > last update, it failed on both for me
> 
> what glibc version?

glibc-2.15-r3

worked on my host system, failed 8 times in a row on a catalyst build... not really sure why. parallelization bug? the error looks pretty weird.
Comment 7 Rick Farina (Zero_Chaos) gentoo-dev 2013-09-02 02:20:30 UTC
I didn't even think about it, but I'm on hardened, and it's failing in a chroot.  Is it doing something evil and grsec is blocking maybe?

kernel.grsecurity.chroot_deny_fchdir = 1
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_shmat = 1
kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_deny_unix = 1
kernel.grsecurity.chroot_enforce_chdir = 1
kernel.grsecurity.chroot_findtask = 1
kernel.grsecurity.chroot_restrict_nice = 1
Comment 8 Doug Goldstein gentoo-dev 2013-09-02 03:31:47 UTC
(In reply to Rick Farina (Zero_Chaos) from comment #6)
> (In reply to Doug Goldstein from comment #5)
> > (In reply to Rick Farina (Zero_Chaos) from comment #4)
> > > last update, it failed on both for me
> > 
> > what glibc version?
> 
> glibc-2.15-r3
> 
> worked on my host system, failed 8 times in a row on a catalyst build... not
> really sure why. parallelization bug? the error looks pretty weird.

Not sure. I'm about to add 1.1.2 to the tree and you should be able to give that a whirl and not run into an issue.
Comment 9 Doug Goldstein gentoo-dev 2013-09-02 03:32:59 UTC
(In reply to Doug Goldstein from comment #0)
> =app-emulation/libvirt-1.1.1-r5
> 
> target keywords: amd64 x86

FWIW, this stable request was to fix: CVE-2013-5651 and CVE-2013-4292.
Comment 10 Agostino Sarubbo gentoo-dev 2013-09-02 06:14:53 UTC
(In reply to Doug Goldstein from comment #9)
> (In reply to Doug Goldstein from comment #0)
> > =app-emulation/libvirt-1.1.1-r5
> > 
> > target keywords: amd64 x86
> 
> FWIW, this stable request was to fix: CVE-2013-5651 and CVE-2013-4292.

Then, this is a security bug :)

CVE-2013-4291:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=745aa55fbf3e076c4288d5ec3239f5a5d43508a6

CVE-2013-4292:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=fd6f6a48619eb221afeb1c5965537534cd54e01d

CVE-2013-5651
http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
Comment 11 Doug Goldstein gentoo-dev 2013-09-02 18:44:32 UTC
CVE-2013-4291 didn't affect Gentoo with how we package libvirt.
Comment 12 Agostino Sarubbo gentoo-dev 2013-09-07 19:20:37 UTC
(In reply to Doug Goldstein from comment #11)
> CVE-2013-4291 didn't affect Gentoo with how we package libvirt.

Thanks for point it.

@security, please vote
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-10-02 04:05:32 UTC
CVE-2013-5651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5651):
  The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2
  allows context-dependent attackers to cause a denial of service
  (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a
  large nodeset value to numatune.

CVE-2013-4292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4292):
  libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service
  (memory consumption) via a large number of domain migrate parameters in
  certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
Comment 14 Sergey Popov gentoo-dev 2013-10-02 09:21:09 UTC
Added to existing GLSA draft
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 23:47:31 UTC
This issue was resolved and addressed in
 GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).