Bug 10345

Summary: libvirt new security issue CVE-2013-1962
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, fundawang, sysadmin-bugs
Version: 3Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/551062/
Whiteboard: has_procedure mga3-64-ok MGA3-32-OK
Source RPM: libvirt-1.0.2-7.mga3.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 6526    

Description David Walser 2013-05-29 15:46:19 CEST 
RedHat has issued an advisory on May 16:
https://rhn.redhat.com/errata/RHSA-2013-0831.html

Patched packages uploaded by Funda for Mageia 3 and Cauldron.

Advisory:
========================

Updated libvirt packages fix security vulnerability:

It was found that libvirtd leaked file descriptors when listing all volumes
for a particular pool. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause libvirtd to consume all
available file descriptors, preventing other users from using libvirtd
services (such as starting a new guest) until libvirtd is restarted
(CVE-2013-1962).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
https://rhn.redhat.com/errata/RHSA-2013-0831.html
========================

Updated packages in core/updates_testing:
========================
libvirt0-1.0.2-7.1.mga3
libvirt-devel-1.0.2-7.1.mga3
python-libvirt-1.0.2-7.1.mga3
libvirt-utils-1.0.2-7.1.mga3

from libvirt-1.0.2-7.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2013-05-29 15:46:38 CEST

CC: (none) => fundawang
Blocks: (none) => 6526

Comment 1 claire robinson 2013-05-30 16:00:31 CEST 
This can be tested using virt-manager

# systemctl start libvirtd.service

$ virt-manager
claire robinson 2013-05-30 16:00:44 CEST

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2013-06-03 13:44:07 CEST 
Testing mga3 64
Comment 3 claire robinson 2013-06-03 15:14:56 CEST 
Testing complete mga3 64

Whiteboard: has_procedure => has_procedure mga3-64-ok

Comment 4 claire robinson 2013-06-03 16:07:30 CEST 
I'm having problems with this in i586 but I probably don't have the best hardware to test it with.

When I go to select an iso to install and click on Browse Local, there is a long pause and it eventually says it disconnected from qemu. It does open the file selected dialog but selecting one does nothing as it's disconnected from libvirt.

Not a regression though.
Comment 5 claire robinson 2013-06-03 16:28:54 CEST 
In fact, not even related. virt-manager is a separate package..
Comment 6 Dave Hodgins 2013-06-04 03:08:10 CEST 
(In reply to claire robinson from comment #5)
> In fact, not even related. virt-manager is a separate package..

Confirmed the problem on i586. Workaround is to copy/paste the
/path/filename.iso.

CC: (none) => davidwhodgins

Comment 7 Dave Hodgins 2013-06-04 03:10:51 CEST 
Testing complete on Mageia 3 i586, using virt-viewer.

Could someone from the sysadmin team push the srpm
libvirt-1.0.2-7.1.mga3.src.rpm
from Mageia 3 Core Updates Testing to Core Updates.

Advisory: Updated libvirt packages fix security vulnerability:

It was found that libvirtd leaked file descriptors when listing all volumes
for a particular pool. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause libvirtd to consume all
available file descriptors, preventing other users from using libvirtd
services (such as starting a new guest) until libvirtd is restarted
(CVE-2013-1962).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
https://rhn.redhat.com/errata/RHSA-2013-0831.html

https://bugs.mageia.org/show_bug.cgi?id=10345

Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 8 Nicolas Vigier 2013-06-06 21:43:18 CEST 
Packages have been pushed to updates.

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:04:59 CEST

CC: boklm => (none)