From ${URL} : Description Some vulnerabilities have been reported in libvirt, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerabilities are caused due to some errors within the "lxcDomainGetMemoryParameters()" function (lxc/lxc_driver.c) and can be exploited to cause NULL pointer dereferences by issuing the "virsh memtune" command for an LXC domain that is not currently running. Solution: Fixed in the git repository. Further details available to Secunia VIM customers Provided and/or discovered by: Reported by the vendor. Original Advisory: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f8c1cb90213508c4f32549023b0572ed774e48aa @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fix available in tree in app-emulation/libvirt-1.2.0-r1. NOTE: dev-python/libvirt-python-1.2.0 MUST go stable at the same time as this version otherwise users will get and upgrade/downgrade cycle.
Arch teams, please test and mark stable: =app-emulation/libvirt-1.2.0-r1 =dev-python/libvirt-python-1.2.0 Target stable KEYWORDS : amd64 x86
(In reply to Doug Goldstein from comment #1) > Fix available in tree in app-emulation/libvirt-1.2.0-r1. I don't see this ebuild in cvs, did you really commit it?
@security: As part of this bump I fixed CVE-2013-6457 as well, which is an unrelated issue but should save the arch teams an extra stabilization and users an extra upgrade. There's going to be a -r2 fairly soon due to some other publicly disclosed issues.
(In reply to Doug Goldstein from comment #4) > @security: As part of this bump I fixed CVE-2013-6457 as well, which is an > unrelated issue but should save the arch teams an extra stabilization and > users an extra upgrade. > > There's going to be a -r2 fairly soon due to some other publicly disclosed > issues. do we need to wait the r2?
CVE-2013-6436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6436): The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
(app-emulation/libvirt-1.2.0-r1::gentoo, ebuild scheduled for merge) conflicts with >=app-emulation/libvirt-0.7.0[python] required by (app-emulation/virtinst-0.600.4::gentoo, installed)
As per the package Log this version stabilized also fixes CVE-2013-6457. Adding CVE to the List.
Maintainer(s), Thank you for your work! Cleanup done
Added to existing glsa draft.
CVE-2013-6457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6457): The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
