[Pkg-libvirt-maintainers] Bug#708647: Bug#708647: libvirt: CVE-2013-1962: DoS (max count of open files exhaustion) due sockets leak in the storage pool

Guido Günther agx at sigxcpu.org
Tue May 21 04:26:04 UTC 2013


On Fri, May 17, 2013 at 03:56:36PM +0200, Salvatore Bonaccorso wrote:
> Package: libvirt
> Version: 1.0.5-2
> Severity: grave
> Tags: security upstream patch
> 
> Hi,
> 
> the following vulnerability was published for libvirt.
> 
> CVE-2013-1962[0]:
> DoS (max count of open files exhaustion) due sockets leak in the storage pool
> 
> Upstream patch can be found at [1].
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
>     http://security-tracker.debian.org/tracker/CVE-2013-1962
> [1] http://libvirt.org/git/?p=libvirt.git;a=commit;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
> 
> Only experimental version should be affected. Note, the serverity
> grave might be a bit overrated in this case, so if you do not agree
> please downgrade to important.

Just for the record: I double checked that oldstable/stable/sid aren't
affected.
Cheers,
 -- Guido

> 
> Regards,
> Salvatore
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
> 



More information about the Pkg-libvirt-maintainers mailing list