|
Message-ID: <5209429B.6020307@redhat.com> Date: Mon, 12 Aug 2013 14:16:27 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com, libvirt-security@...hat.com Subject: Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/12/2013 12:19 PM, Petr Matousek wrote: > Commit 632180d1 introduced memory corruption in > xenDaemonListDefinedDomains() by starting to populate the names > array at index -1, causing all sorts of havoc in libvirtd such as > aborts like the following > > *** Error in `/usr/sbin/libvirtd': double free or corruption > (out): 0x00007fffe00ccf20 *** > > The xenDaemonListDefinedDomains() function is reached by the > virConnectListDefinedDomains() public API, which can be used on > read-only connections. > > Introduced in: libvirt v1.1.1 > > Introduced by: > http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1 > > Fixed by: > http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16 > > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=996241 > > Thanks, > Please use CVE-2013-4239 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJSCUKbAAoJEBYNRVNeJnmTP4UP/334HI3Q+UKvpZ65UAhEigCH pFtwVcyCOgyAVjI36ZyfuWBDBJNYlMSYo1tEEl3cbEIRPaISt+98TI/ZCK+itpcn b3JEgShTGxN/gnxwNbu6NjzoiGHc/fIoiGeiUTc78xl3/eBPIehThAw7jDoRRBWa bM5cphZtQAWYrlzOj60DZ3QPqBUJbkpCdFLgVmgjXDo2RbeZTKxXHyQ3/1tBrCgV GPpnc+2+YXDeKqbZQr1SKfzmi7BYUvYK2XD+TE6FNfJxsjAa+tg+ALxOLZXsxs/j moX98uyNFu5lsrAIF0idyFDVoLI8JFWZnO0e4P6cm+hYk5BKXHW2rAoDu/ZD4JqM 2W+X5QUYZ3f0RKtIQZ+26f7SIu7TbE5cGX3d/vWEuOD/XAO0Yn1lkid7e6zVVuJx gqI8SSGVlNMbAKOTD7JaPu8NulKa+KdjT7vUrNz3uGD5yW1i8MNgwn6uGR6t5QJy 73Ec0ze7UUPjwS9kLOq16OonezF8wmzll8QhwP6ZGMQQpFKV4hAtLsbBruCISsjn REob17GN0RI1KicZZz91c9rAhF1ogjhSK6xqrgNN2gyzycL7DGwsqlrNLDGd0u13 4WHoExaUEk262pIivcIdNiaUJXAFV8gBbLOPade9VTluPd8MuEiHAPHVeRvlB79r Ae3hpuCBnfJetHcm6zPl =7B7x -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.