Bug#734556: [Pkg-libvirt-maintainers] Bug#734556: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash
On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> Package: libvirt
> Severity: grave
> Tags: security upstream patch fixed-upstream
>
> Hi Guido,
>
> Disclaimer: I have not checked to reproduce the crash, just shortly checked latest unstable version. Have set grave as per [...] could allow an attacker who is able to establish a read-only connection to libvirtd to crash libvirtd.

I do think it affects all releases.

Cheers,
 -- Guido

> the following vulnerability was published for libvirt.
>
> CVE-2013-6458[0]: job usage issue in several APIs leading to libvirtd crash
>
> If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
>     http://security-tracker.debian.org/tracker/CVE-2013-6458
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1048631
> [2] http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad (upstream fix)
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
Bug#734556: [Pkg-libvirt-maintainers] Bug#734556: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash
Hi Guido,

On Thu, Jan 09, 2014 at 08:54:21AM +0100, Guido Günther wrote:
> On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> > Package: libvirt
> > Severity: grave
> > Tags: security upstream patch fixed-upstream
> >
> > Hi Guido,
> >
> > Disclaimer: I have not checked to reproduce the crash, just shortly checked latest unstable version. Have set grave as per [...] could allow an attacker who is able to establish a read-only connection to libvirtd to crash libvirtd.
>
> I do think it affects all releases.

Thanks for checking already (and the fix to experimental). Adding the found information for the BTS.

Regards,
Salvatore