[Pkg-libvirt-maintainers] Bug#734556: Bug#734556: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash
Guido Günther
agx at sigxcpu.org
Thu Jan 9 07:54:21 UTC 2014
On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> Package: libvirt
> Severity: grave
> Tags: security upstream patch fixed-upstream
>
> Hi Guido,
>
> Disclaimer: I have not checked to reproduce the crash, just shortly
> checked latest unstable version. Have set grave as per "[...] could
> allow an attacker who is able to establish a read-only connection to
> libvirtd to crash libvirtd".
I do think it affects all releases.
Cheers,
-- Guido
>
> the following vulnerability was published for libvirt.
>
> CVE-2013-6458[0]:
> job usage issue in several APIs leading to libvirtd crash
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
> http://security-tracker.debian.org/tracker/CVE-2013-6458
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1048631
> [2] http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
> (upstream fix)
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
More information about the Pkg-libvirt-maintainers
mailing list