From ${URL}:

When a user doesn't have read access on one of the domains he requested, the for loop in qemuConnectGetAllDomainStats() could exit abruptly or continue and override a pointer which pointed to a locked object. With certain configuration, this can either cause a deadlock (it leaves a domain locked) or a segmentation fault when a domain object has its reference counter decremented when it was not incremented. With certain configuration, a remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause a denial of service condition or crash libvirtd.

Introduced by:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=d1bde8ed
http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee

Upstream patch:
https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html
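The lock-leak path described above, reduced to a toy model and shown beside a loop with a single release point. This is an added illustration, not libvirt's code or the upstream patch; `struct dom`, `dom_acquire`, `dom_release` and the `collect_*` functions are hypothetical names, and the `readable` flag stands in for the per-domain ACL check.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for a lockable, reference-counted domain object. */
struct dom { int refs; bool locked; bool readable; };

void dom_acquire(struct dom *d) { d->refs++; d->locked = true; }
void dom_release(struct dom *d) { d->locked = false; d->refs--; }

/* Flawed shape: the access-denied path skips the release, so the next
 * iteration overwrites `cur` while the previous object is still locked. */
size_t collect_flawed(struct dom *doms, size_t n)
{
    size_t reported = 0;
    struct dom *cur = NULL;
    for (size_t i = 0; i < n; i++) {
        cur = &doms[i];
        dom_acquire(cur);
        if (!cur->readable)
            continue;               /* lock and reference are leaked here */
        reported++;
        dom_release(cur);
    }
    return reported;
}

/* Hardened shape: every path through the loop body reaches one release. */
size_t collect_fixed(struct dom *doms, size_t n)
{
    size_t reported = 0;
    for (size_t i = 0; i < n; i++) {
        struct dom *cur = &doms[i];
        dom_acquire(cur);
        if (cur->readable)
            reported++;
        dom_release(cur);
    }
    return reported;
}

/* Counts objects left locked or with a refcount different from `base`. */
size_t count_unbalanced(const struct dom *doms, size_t n, int base)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (doms[i].locked || doms[i].refs != base)
            bad++;
    return bad;
}
```
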
*libvirt-1.2.10-r1 (10 Dec 2014)

  10 Dec 2014; Matthias Maier <tamiko@gentoo.org>
  +files/libvirt-1.2.10-cve-2014-8131.patch, +libvirt-1.2.10-r1.ebuild,
  -libvirt-1.2.10.ebuild, -libvirt-1.2.9.1-r1.ebuild:
  fix for CVE-2014-8131, bug #532204, drop vulnerable unstable

Vulnerable version left in tree: 1.2.9-r2.

I wanted to start the stabilization of libvirt-1.2.10 today anyway. So we just go for it :-)

Arches, please mark stable app-emulation/libvirt-1.2.10-r1

Target keywords: amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
11 Dec 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.9-r2.ebuild: drop vulnerable version, CVE-2014-8131, bug #532204
GLSA Vote: No
*libvirt-1.2.10-r2 (11 Dec 2014)

  11 Dec 2014; Matthias Maier <tamiko@gentoo.org>
  +files/libvirt-1.2.10-cve-2014-8131-part2.patch, +libvirt-1.2.10-r2.ebuild:
  Apply followup patch as well, CVE-2014-8131, bug #532204

The upstream patch 57023c0a3af4af1c547189c1f6712ed5edeb0c0b as applied in 1.2.10-r1 did open up another security issue [1]. Applied the followup commit cb104ef734dfea12cb8826dba7e2c98912c4b7e1 that fixes it to version 1.2.10-r2.

[1] https://www.redhat.com/archives/libvir-list/2014-December/msg00624.html

Arches, please stabilize app-emulation/libvirt-1.2.10-r2

Target-keywords: amd64 x86
12 Dec 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.10-r1.ebuild: drop vulnerable version, CVE-2014-8131, bug #532204
Added to existing GLSA request
This issue was resolved and addressed in GLSA 201412-36 at http://security.gentoo.org/glsa/glsa-201412-36.xml by GLSA coordinator Kristian Fiskerstrand (K_F).