[Pkg-libvirt-maintainers] Bug#633630: Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Guido Günther
agx at sigxcpu.org
Tue Jul 12 15:16:00 UTC 2011
Hi Salvatore,
On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> Source: libvirt
> Version: 0.9.2
> Severity: important
> Tags: security
>
> Hi Guido
>
> In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> the patch applied by upstream. Can/should there be an update to for
> stable (if affected?).
Yes. Lenny, Squeeze, Wheezy and Sid look vulnerable. I've uploaded a
fixed version for sid though.
Cheers,
-- Gudio
>
> [1] http://www.securityfocus.com/bid/48478/info
> [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
> [3] http://security-tracker.debian.org/CVE-2011-2511
>
> Regards
> Salvatore
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
>
>
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
More information about the Pkg-libvirt-maintainers
mailing list