Message-ID: <174291314.10035067.1369830102814.JavaMail.root@redhat.com>
Date: Wed, 29 May 2013 08:21:42 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Richard Jones <rjones@...hat.com>
Subject: CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 |
 1.23.1): Denial of service due to a double-free when inspecting certain
 guest files / images

Hello Kurt, Steve, vendors,

  LibguestFS upstream has issued the following patch:
  [1] https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd

to correct a double-free flaw in the virt-inspector / other virt-* tools,
which could lead to denial of service if some of the tools were used by
3rd party applications for inspection of untrusted guest files / images:

  [2] https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
  [3] https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html

Could you allocate a CVE identifier for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
