Date: Mon, 12 Aug 2013 14:16:27 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, libvirt-security@...hat.com
Subject: Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains
 function

On 08/12/2013 12:19 PM, Petr Matousek wrote:
> Commit 632180d1 introduced memory corruption in 
> xenDaemonListDefinedDomains() by starting to populate the names
> array at index -1, causing all sorts of havoc in libvirtd such as
> aborts like the following
> 
> *** Error in `/usr/sbin/libvirtd': double free or corruption
> (out): 0x00007fffe00ccf20 ***
> 
> The xenDaemonListDefinedDomains() function is reached by the 
> virConnectListDefinedDomains() public API, which can be used on 
> read-only connections.
> 
> Introduced in: libvirt v1.1.1
> 
> Introduced by: 
> http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
> 
> Fixed by: 
> http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
> 
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=996241
> 
> Thanks,
> 

Please use CVE-2013-4239 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
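
The index error described in the quoted report, shown as an added illustration that is not part of the original message and is not libvirt's code: a list-filling routine that starts storing at index -1, a corrected form, and a guard-slot check that a regression test can use to catch the stray write. The function names and sample names are hypothetical, and the cause shown for the -1 (an error-sentinel return value reused as the array index) is an assumption.

```c
#include <stdio.h>

/* Constructed sample data standing in for defined-domain names. */
static const char *const SAMPLE[] = { "web01", "db01", "build01" };
enum { NSAMPLE = 3, MAXSLOTS = 8 };
static const char GUARD[] = "guard"; /* its address marks the guard slots */

typedef int (*list_fn)(const char **names, int maxnames);

/* Assumed shape of the bug: the -1 error sentinel doubles as the index. */
static int list_names_buggy(const char **names, int maxnames)
{
    int ret = -1;
    for (int i = 0; i < NSAMPLE && ret < maxnames; i++)
        names[ret++] = SAMPLE[i]; /* first store lands on names[-1] */
    return ret;
}

/* Hardened form: validate arguments, count from 0 in a separate variable. */
static int list_names_fixed(const char **names, int maxnames)
{
    int n = 0;
    if (!names || maxnames < 0)
        return -1;
    while (n < NSAMPLE && n < maxnames) {
        names[n] = SAMPLE[n];
        n++;
    }
    return n;
}

/* Runs fn between two guard slots: 1 = a guard was overwritten, 0 = intact. */
static int guard_clobbered(list_fn fn, int maxnames, int *count)
{
    const char *slots[MAXSLOTS + 2] = { 0 };
    if (maxnames < 0 || maxnames > MAXSLOTS)
        return -1; /* request does not fit this harness */
    slots[0] = slots[maxnames + 1] = GUARD;
    *count = fn(slots + 1, maxnames);
    return slots[0] != GUARD || slots[maxnames + 1] != GUARD;
}

int main(void)
{
    int n, hit = guard_clobbered(list_names_buggy, 3, &n);
    printf("buggy: guard clobbered=%d, returned %d\n", hit, n);
    hit = guard_clobbered(list_names_fixed, 3, &n);
    printf("fixed: guard clobbered=%d, returned %d\n", hit, n);
}
```

The guard slot keeps the out-of-range store inside the harness's own array, so the check is deterministic and does not depend on the allocator aborting.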
