[Pkg-libvirt-maintainers] Bug#710290: libguestfs: Denial of service due to a double-free when inspecting certain guest files / images

Henri Salo henri at nerv.fi
Wed May 29 16:00:13 UTC 2013


Package: libguestfs
Version: 1:1.20.6-4
Severity: important
Tags: security patch upstream confirmed

LibguestFS upstream has issued the following patch[1] to correct a double-free
flaw in the virt-inspector / other virt-* tools, which could lead to denial of
service if some of the tools were used by 3rd party applications for inspection
of untrusted guest files / images[2][3]. Information from oss-security[4].

1: https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd
2: https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
3: https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html
4: http://www.openwall.com/lists/oss-security/2013/05/29/2

---
Henri Salo