From https://bugzilla.redhat.com/show_bug.cgi?id=683650:

It has been found that several libvirt API calls (virNodeDeviceDettach, virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not honour a read-only connection. A remote attacker could use this flaw to crash the host server (DoS).

Patch (applied upstream): see $URL
0.8.8-r1 in tree.
(In reply to comment #1)
> 0.8.8-r1 in tree.

Thank you.

Arches, please test and mark stable:
=app-emulation/libvirt-0.8.8-r1
Target keywords : "amd64 x86"
amd64 ok
amd64 done. Thanks Agostino
x86 stable.
Thanks, folks. GLSA Vote: yes.
Yes, too. GLSA request filed.
CVE-2011-1146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1146): libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
Affected versions are no longer in tree.
This issue was resolved and addressed in GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml by GLSA coordinator Stefan Behte (craig).