oss-sec mailing list archives
Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 12 Aug 2013 14:16:27 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/12/2013 12:19 PM, Petr Matousek wrote:
Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains() by starting to populate the names array at index -1, causing all sorts of havoc in libvirtd such as aborts like the following *** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 *** The xenDaemonListDefinedDomains() function is reached by the virConnectListDefinedDomains() public API, which can be used on read-only connections. Introduced in: libvirt v1.1.1 Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1 Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=996241 Thanks,
Please use CVE-2013-4239 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJSCUKbAAoJEBYNRVNeJnmTP4UP/334HI3Q+UKvpZ65UAhEigCH pFtwVcyCOgyAVjI36ZyfuWBDBJNYlMSYo1tEEl3cbEIRPaISt+98TI/ZCK+itpcn b3JEgShTGxN/gnxwNbu6NjzoiGHc/fIoiGeiUTc78xl3/eBPIehThAw7jDoRRBWa bM5cphZtQAWYrlzOj60DZ3QPqBUJbkpCdFLgVmgjXDo2RbeZTKxXHyQ3/1tBrCgV GPpnc+2+YXDeKqbZQr1SKfzmi7BYUvYK2XD+TE6FNfJxsjAa+tg+ALxOLZXsxs/j moX98uyNFu5lsrAIF0idyFDVoLI8JFWZnO0e4P6cm+hYk5BKXHW2rAoDu/ZD4JqM 2W+X5QUYZ3f0RKtIQZ+26f7SIu7TbE5cGX3d/vWEuOD/XAO0Yn1lkid7e6zVVuJx gqI8SSGVlNMbAKOTD7JaPu8NulKa+KdjT7vUrNz3uGD5yW1i8MNgwn6uGR6t5QJy 73Ec0ze7UUPjwS9kLOq16OonezF8wmzll8QhwP6ZGMQQpFKV4hAtLsbBruCISsjn REob17GN0RI1KicZZz91c9rAhF1ogjhSK6xqrgNN2gyzycL7DGwsqlrNLDGd0u13 4WHoExaUEk262pIivcIdNiaUJXAFV8gBbLOPade9VTluPd8MuEiHAPHVeRvlB79r Ae3hpuCBnfJetHcm6zPl =7B7x -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Petr Matousek (Aug 12)
- Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Kurt Seifried (Aug 12)