Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 475434 (CVE-2013-2218) - <app-emulation/libvirt-1.0.6-r1 : virConnectListAllInterfaces crash (CVE-2013-2218)
Summary: <app-emulation/libvirt-1.0.6-r1 : virConnectListAllInterfaces crash (CVE-2013...
Alias: CVE-2013-2218
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Depends on:
Reported: 2013-07-01 16:57 UTC by Agostino Sarubbo
Modified: 2013-10-02 04:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-07-01 16:57:35 UTC
From ${URL} :

Daniel P. Berrange reported:

"As non-root, simply run:

  # virsh -c qemu:///system --readonly iface-list --inactive                                                                                                                                                   

The libvirtd daemon will crash with one of a number of different
stack traces, for example:

*** Error in `/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd': invalid fastbin entry 
(free): 0x00007f03fc02a1b0 ***
======= Backtrace: =========

Looking at the code, we have a double-free of the 'struct netcf_if'
object when any of the filtering flags are set. Hence this only
happens if you pass  '--inactive' to virsh."

Upstream fix:;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2013-07-01 21:06:20 UTC
Only affected 1.0.6, which was only ever ~arch. The fix was committed at the same time the embargo was lifted.

Ball is in your court security herd.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-10-02 04:10:32 UTC
CVE-2013-2218 (
  Double free vulnerability in the virConnectListAllInterfaces method in
  interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers
  to cause a denial of service (libvirtd crash) via a filtering flag that
  causes an interface to be skipped, as demonstrated by the "virsh iface-list
  --inactive" command.