From secunia at $URL:
Description: A vulnerability has been reported in libvirt, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "virTypedParameterArrayClear()" function when dispatching APIs with typed parameters and can be exploited via a specially crafted RPC packet.
Solution: Fixed in the GIT repository.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
CVE-2012-3445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3445): The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
I've removed libvirt-0.9.13 and added libvirt-0.9.13-r1, which fixes the CVE.
Thanks, Doug. Are we ok to stabilize libvirt-0.9.13-r1?
(In reply to comment #3)
> Thanks, Doug. Are we ok to stabilize libvirt-0.9.13-r1?
Yep.
(In reply to comment #4)
> (In reply to comment #3)
> > Thanks, Doug. Are we ok to stabilize libvirt-0.9.13-r1?
>
> Yep.
Great, thanks.
Arches, please test and mark stable:
=app-emulation/libvirt-0.9.13-r1
Target keywords : "amd64 x86"
amd64 stable
x86 stable, last arch!
Security please vote.
Thanks, folks. GLSA Vote: no.
GLSA vote: no. Closing no glsa.