[Pkg-libvirt-maintainers] Bug#633630: Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Guido Günther
agx at sigxcpu.org
Tue Jul 12 21:24:26 UTC 2011
On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> Source: libvirt
> Version: 0.9.2
> Severity: important
> Tags: security
>
> Hi Guido
>
> In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> the patch applied by upstream. Can/should there be an update to for
> stable (if affected?).
>
> [1] http://www.securityfocus.com/bid/48478/info
> [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
> [3] http://security-tracker.debian.org/CVE-2011-2511
Attached patch fixes the issue for stable. We should also fix #623222
while at that. O.k. to upload a version to stable-security?
Cheers,
-- Guido
>
> Regards
> Salvatore
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
>
>
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-integer-overflow-in-VirDomainGetVcpus.patch
Type: text/x-diff
Size: 6486 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20110712/4b2f86b3/attachment.patch>
More information about the Pkg-libvirt-maintainers
mailing list