[Pkg-libvirt-maintainers] Bug#708647: Bug#708647: libvirt: CVE-2013-1962: DoS (max count of open files exhaustion) due sockets leak in the storage pool
Guido Günther
agx at sigxcpu.org
Tue May 21 04:26:04 UTC 2013
On Fri, May 17, 2013 at 03:56:36PM +0200, Salvatore Bonaccorso wrote:
> Package: libvirt
> Version: 1.0.5-2
> Severity: grave
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerability was published for libvirt.
>
> CVE-2013-1962[0]:
> DoS (max count of open files exhaustion) due sockets leak in the storage pool
>
> Upstream patch can be found at [1].
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
> http://security-tracker.debian.org/tracker/CVE-2013-1962
> [1] http://libvirt.org/git/?p=libvirt.git;a=commit;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
>
> Only experimental version should be affected. Note, the serverity
> grave might be a bit overrated in this case, so if you do not agree
> please downgrade to important.
Just for the record: I double checked that oldstable/stable/sid aren't
affected.
Cheers,
-- Guido
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
More information about the Pkg-libvirt-maintainers
mailing list