Bug 533286 (CVE-2014-8135) - <app-emulation/libvirt-{1.2.10-r3,1.2.11-r2}: two DoS (CVE-2014-{8135,8136})
Summary: <app-emulation/libvirt-{1.2.10-r3,1.2.11-r2}: two DoS (CVE-2014-{8135,8136})
Status: RESOLVED FIXED
Alias: CVE-2014-8135
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2014-12-22 13:39 UTC by Agostino Sarubbo
Modified: 2014-12-24 21:11 UTC
Description Agostino Sarubbo gentoo-dev 2014-12-22 13:39:26 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1176182:

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-8135 to
the following vulnerability:

Name: CVE-2014-8135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135
Assigned: 20141010
Reference: http://secunia.com/advisories/61111

The storageVolUpload function in storage/storage_driver.c in libvirt
does not check a certain return value, which allows local users to
cause a denial of service (NULL pointer dereference and daemon crash)
via a crafted offset value in a "virsh vol-upload" command.

Upstream commit that addresses this issue:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984




From https://bugzilla.redhat.com/show_bug.cgi?id=1176176:

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-8136 to
the following vulnerability:

Name: CVE-2014-8136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136
Assigned: 20141010
Reference: http://secunia.com/advisories/61111

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2
functions in qemu/qemu_driver.c in libvirt do not unlock the domain
when an ACL check fails, which allow local users to cause a denial of
service via unspecified vectors.

Upstream commit that addresses this:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=2bdcd29c713dfedd813c89f56ae98f6f3898313d


@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2014-12-23 22:23:35 UTC
Agostino, you're fast :-)

The official announcement on the libvir mailing list came just now and this bug has already been open for more than 24h. (I've read the bug tracker mail yesterday but totally forgot about it...)


*libvirt-1.2.10-r3 (23 Dec 2014)

  23 Dec 2014; Matthias Maier <tamiko@gentoo.org> +libvirt-1.2.10-r3.ebuild,
  -files/libvirt-1.2.9-cve-2014-7823.patch:
  maintain upstream libvirt patches in own github repository; apply patches for
  CVE-2014-8135, CVE-2014-8136

This is fixed in: 1.2.10-r3, 1.2.11-r2
Vulnerable version in tree: 1.2.10-r2


Arches, please stabilize libvirt-1.2.10-r3, best along with dev-python/libvirt-python-1.2.10, bug #532438 :-)

Target keywords: amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2014-12-24 13:19:05 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-12-24 13:19:32 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please vote.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-12-24 13:48:21 UTC
Arches and Maintainer(s), thank you for your work.

GLSA Vote: Yes
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 13:50:18 UTC
CVE-2014-8135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8135):
  The storageVolUpload function in storage/storage_driver.c in libvirt does
  not check a certain return value, which allows local users to cause a denial
  of service (NULL pointer dereference and daemon crash) via a crafted offset
  value in a "virsh vol-upload" command.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-24 14:20:34 UTC
GLSA Vote: Yes

Created new request
Comment 7 Matthias Maier gentoo-dev 2014-12-24 15:06:06 UTC
  24 Dec 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.10-r2.ebuild:
  drop vulnerable, bug #533286, CVE-2014-8135, CVE-2014-8136
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 20:22:08 UTC
CVE-2014-8136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8136):
  The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions
  in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check
  fails, which allow local users to cause a denial of service via unspecified
  vectors.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 21:11:48 UTC
This issue was resolved and addressed in
 GLSA 201412-36 at http://security.gentoo.org/glsa/glsa-201412-36.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
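
The locking flaw described for CVE-2014-8136 above, as an added example that is not libvirt's code or the upstream patch: a minimal C model in which an early return on a failed ACL check leaves the object locked, next to a version that unlocks on every path. The `struct domain` type, the lock helpers, the ACL rule and the return codes are all hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a lockable domain object (hypothetical type). */
struct domain { bool locked; };

/* Returns false when the object is already held; a daemon thread would block here. */
static bool domain_try_lock(struct domain *d) {
    if (d->locked) return false;
    d->locked = true;
    return true;
}
static void domain_unlock(struct domain *d) { d->locked = false; }
/* Hypothetical ACL rule: only "admin" may migrate. */
static bool acl_allows(const char *user) { return strcmp(user, "admin") == 0; }

/* Flawed pattern: the early return on ACL failure skips the unlock. */
int migrate_flawed(struct domain *d, const char *user) {
    if (!domain_try_lock(d)) return -2;      /* object still held by an earlier call */
    if (!acl_allows(user)) return -1;        /* BUG: d stays locked */
    /* ... migration work would happen here ... */
    domain_unlock(d);
    return 0;
}

/* Corrected pattern: every path after the lock leaves through one cleanup label. */
int migrate_fixed(struct domain *d, const char *user) {
    int ret = -1;
    if (!domain_try_lock(d)) return -2;
    if (!acl_allows(user)) goto cleanup;     /* denied, but still unlocks */
    ret = 0;
cleanup:
    domain_unlock(d);
    return ret;
}

/* One denied call followed by an authorized one; returns the second call's result. */
int denied_then_authorized(int (*migrate)(struct domain *, const char *)) {
    struct domain d = { false };
    (void)migrate(&d, "unprivileged");
    return migrate(&d, "admin");
}

int main(void) {
    printf("flawed: %d\n", denied_then_authorized(migrate_flawed)); /* -2 */
    printf("fixed:  %d\n", denied_then_authorized(migrate_fixed));  /* 0 */
    return 0;
}
```

When reviewing similar API entry points, check that each return placed between the lock acquisition and the unlock goes through the cleanup path.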