[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Aug 2013 20:19:49 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: libvirt-security@...hat.com
Subject: CVE Request -- libvirt: memory corruption in
xenDaemonListDefinedDomains function
Commit 632180d1 introduced memory corruption in
xenDaemonListDefinedDomains()
by starting to populate the names array at index -1, causing all sorts
of havoc in libvirtd such as aborts like the following
*** Error in `/usr/sbin/libvirtd': double free or corruption (out):
0x00007fffe00ccf20 ***
The xenDaemonListDefinedDomains() function is reached by the
virConnectListDefinedDomains() public API, which can be used on
read-only connections.
Introduced in:
libvirt v1.1.1
Introduced by:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
Fixed by:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=996241
Thanks,
--
Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
