[Pkg-libvirt-maintainers] Bug#708647: libvirt: CVE-2013-1962: DoS (max count of open files exhaustion) due sockets leak in the storage pool

Salvatore Bonaccorso carnil at debian.org
Fri May 17 13:56:36 UTC 2013


Package: libvirt
Version: 1.0.5-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for libvirt.

CVE-2013-1962[0]:
DoS (max count of open files exhaustion) due sockets leak in the storage pool

Upstream patch can be found at [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
    http://security-tracker.debian.org/tracker/CVE-2013-1962
[1] http://libvirt.org/git/?p=libvirt.git;a=commit;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739

Only experimental version should be affected. Note, the serverity
grave might be a bit overrated in this case, so if you do not agree
please downgrade to important.

Regards,
Salvatore



More information about the Pkg-libvirt-maintainers mailing list