Bug 496204 (CVE-2013-6436) - <app-emulation/libvirt-1.2.0-r1: "lxcDomainGetMemoryParameters()" Denial of Service Vulnerabilities (CVE-2013-{6436,6457})
Status: RESOLVED FIXED
Alias: CVE-2013-6436
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/56245/
Whiteboard: B3 [glsa]
Reported: 2013-12-27 18:05 UTC by Agostino Sarubbo
Modified: 2014-12-08 23:48 UTC
Description Agostino Sarubbo gentoo-dev 2013-12-27 18:05:32 UTC
From ${URL} :

Description

Some vulnerabilities have been reported in libvirt, which can be exploited by malicious, local 
users to cause a DoS (Denial of Service).

The vulnerabilities are caused due to some errors within the "lxcDomainGetMemoryParameters()" 
function (lxc/lxc_driver.c) and can be exploited to cause NULL pointer dereferences by issuing the 
"virsh memtune" command for an LXC domain that is not currently running.


Solution:
Fixed in the git repository.

Further details available to Secunia VIM customers

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=f8c1cb90213508c4f32549023b0572ed774e48aa


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Doug Goldstein gentoo-dev 2013-12-28 17:16:28 UTC
Fix available in tree in app-emulation/libvirt-1.2.0-r1. NOTE: dev-python/libvirt-python-1.2.0 MUST go stable at the same time as this version, otherwise users will get an upgrade/downgrade cycle.
Comment 2 Agostino Sarubbo gentoo-dev 2013-12-28 17:25:46 UTC
Arch teams, please test and mark stable:

=app-emulation/libvirt-1.2.0-r1
=dev-python/libvirt-python-1.2.0

Target stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2013-12-28 18:27:27 UTC
(In reply to Doug Goldstein from comment #1)
> Fix available in tree in app-emulation/libvirt-1.2.0-r1. 
I don't see this ebuild in cvs, did you really commit it?
Comment 4 Doug Goldstein gentoo-dev 2013-12-29 01:17:27 UTC
@security: As part of this bump I fixed CVE-2013-6457 as well, which is an unrelated issue but should save the arch teams an extra stabilization and users an extra upgrade.  

There's going to be a -r2 fairly soon due to some other publicly disclosed issues.
Comment 5 Agostino Sarubbo gentoo-dev 2014-01-03 20:35:30 UTC
(In reply to Doug Goldstein from comment #4)
> @security: As part of this bump I fixed CVE-2013-6457 as well, which is an
> unrelated issue but should save the arch teams an extra stabilization and
> users an extra upgrade.  
> 
> There's going to be a -r2 fairly soon due to some other publicly disclosed
> issues.

Do we need to wait for the r2?
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-01-11 17:56:13 UTC
CVE-2013-6436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6436):
  The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5
  through 1.2.0 does not properly check the status of LXC guests when reading
  memory tunables, which allows local users to cause a denial of service (NULL
  pointer dereference and libvirtd crash) via a guest in the shutdown status,
  as demonstrated by the "virsh memtune" command.
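
A simplified C model of the bug class in the CVE-2013-6436 entry above, added here as an illustration; it is not libvirt code, and every struct and function name in it is hypothetical. It assumes the per-guest resource handle only exists while the guest runs, and shows the unchecked accessor beside a form that verifies guest state first.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: the cgroup handle is valid only while the guest runs. */
struct cgroup { unsigned long long hard_limit_kib; };

struct lxc_domain {
    int active;            /* nonzero while the guest is running */
    struct cgroup *cgroup; /* NULL once the guest has shut down */
};

/* Unchecked form: assumes a cgroup is always attached. Called for a
 * shut-off guest it dereferences NULL and takes the whole daemon down. */
int get_hard_limit_unchecked(const struct lxc_domain *dom,
                             unsigned long long *out)
{
    *out = dom->cgroup->hard_limit_kib;
    return 0;
}

/* Hardened form: validate arguments and guest state before touching
 * per-guest resources, and report an error instead of crashing. */
int get_hard_limit_checked(const struct lxc_domain *dom,
                           unsigned long long *out)
{
    if (dom == NULL || out == NULL)
        return -EINVAL;
    if (!dom->active || dom->cgroup == NULL)
        return -ENODEV; /* "domain is not running" */
    *out = dom->cgroup->hard_limit_kib;
    return 0;
}

/* Constructed sample guests used to exercise the checked path. */
int query_shutoff_domain(void)
{
    struct lxc_domain shutoff = { 0, NULL };
    unsigned long long v = 0;
    return get_hard_limit_checked(&shutoff, &v);
}

long long query_running_domain(void)
{
    struct cgroup cg = { 524288ULL };
    struct lxc_domain running = { 1, &cg };
    unsigned long long v = 0;
    int rc = get_hard_limit_checked(&running, &v);
    return rc == 0 ? (long long)v : (long long)rc;
}

int main(void)
{
    printf("shut-off guest: rc=%d\n", query_shutoff_domain());
    printf("running guest: limit=%lld KiB\n", query_running_domain());
    return 0;
}
```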
Comment 7 Agostino Sarubbo gentoo-dev 2014-01-22 18:27:20 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-01-22 18:27:41 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 toto 2014-01-24 06:16:19 UTC
  (app-emulation/libvirt-1.2.0-r1::gentoo, ebuild scheduled for merge) conflicts with
    >=app-emulation/libvirt-0.7.0[python] required by (app-emulation/virtinst-0.600.4::gentoo, installed)
Comment 10 Yury German Gentoo Infrastructure gentoo-dev Security 2014-01-24 15:48:36 UTC
As per the package Log this version stabilized also fixes CVE-2013-6457.
Adding CVE to the List.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2014-02-01 15:41:12 UTC
Maintainer(s), Thank you for your work!

Cleanup done
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-02-04 13:23:23 UTC
Added to existing glsa draft.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-02-04 13:41:39 UTC
CVE-2013-6457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6457):
  The libxlDomainGetNumaParameters function in the libxl driver
  (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize
  the nodemap, which allows local users to cause a denial of service (invalid
  free operation and crash) or possibly execute arbitrary code via an inactive
  domain to the virsh numatune command.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 23:48:15 UTC
This issue was resolved and addressed in
 GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).