Date: Mon, 01 Jul 2013 13:06:51 -0600 From: Eric Blake <eblake@...hat.com> To: kseifried@...hat.com CC: oss-security@...ts.openwall.com, libvirt-security@...hat.com Subject: Re: [Libvirt-Security] CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters On 07/01/2013 12:49 PM, Kurt Seifried wrote: > On 07/01/2013 09:21 AM, Petr Matousek wrote: >> The virConnectListAllInterfaces method has a double-free of the >> 'struct netcf_if' object when any of the filtering flags cause an >> interface to be skipped over. For example when running the command >> 'virsh iface-list --inactive' > >> Upstream fix: >> http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11 > >> References: https://bugzilla.redhat.com/show_bug.cgi?id=980112 > >> Thanks, > > > Please use CVE-2013-2229 for this issue. No, we already assigned CVE-2013-2218 to this issue. CVE-2013-2229 should be closed as a mistake, or reused for some other purpose. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org Download attachment "signature.asc" of type "application/pgp-signature" (622 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.