Bug 10345 - libvirt new security issue CVE-2013-1962
: libvirt new security issue CVE-2013-1962
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: i586 Linux
: Normal Severity: major
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/551062/
: has_procedure mga3-64-ok MGA3-32-OK
: validated_update
:
: 6526
  Show dependency treegraph
 
Reported: 2013-05-29 15:46 CEST by David Walser
Modified: 2014-05-08 18:04 CEST (History)
3 users (show)

See Also:
Source RPM: libvirt-1.0.2-7.mga3.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2013-05-29 15:46:19 CEST
RedHat has issued an advisory on May 16:
https://rhn.redhat.com/errata/RHSA-2013-0831.html

Patched packages uploaded by Funda for Mageia 3 and Cauldron.

Advisory:
========================

Updated libvirt packages fix security vulnerability:

It was found that libvirtd leaked file descriptors when listing all volumes
for a particular pool. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause libvirtd to consume all
available file descriptors, preventing other users from using libvirtd
services (such as starting a new guest) until libvirtd is restarted
(CVE-2013-1962).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
https://rhn.redhat.com/errata/RHSA-2013-0831.html
========================

Updated packages in core/updates_testing:
========================
libvirt0-1.0.2-7.1.mga3
libvirt-devel-1.0.2-7.1.mga3
python-libvirt-1.0.2-7.1.mga3
libvirt-utils-1.0.2-7.1.mga3

from libvirt-1.0.2-7.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-05-30 16:00:31 CEST
This can be tested using virt-manager

# systemctl start libvirtd.service

$ virt-manager
Comment 2 claire robinson 2013-06-03 13:44:07 CEST
Testing mga3 64
Comment 3 claire robinson 2013-06-03 15:14:56 CEST
Testing complete mga3 64
Comment 4 claire robinson 2013-06-03 16:07:30 CEST
I'm having problems with this in i586 but I probably don't have the best hardware to test it with.

When I go to select an iso to install and click on Browse Local, there is a long pause and it eventually says it disconnected from qemu. It does open the file selected dialog but selecting one does nothing as it's disconnected from libvirt.

Not a regression though.
Comment 5 claire robinson 2013-06-03 16:28:54 CEST
In fact, not even related. virt-manager is a separate package..
Comment 6 Dave Hodgins 2013-06-04 03:08:10 CEST
(In reply to claire robinson from comment #5)
> In fact, not even related. virt-manager is a separate package..

Confirmed the problem on i586. Workaround is to copy/paste the
/path/filename.iso.
Comment 7 Dave Hodgins 2013-06-04 03:10:51 CEST
Testing complete on Mageia 3 i586, using virt-viewer.

Could someone from the sysadmin team push the srpm
libvirt-1.0.2-7.1.mga3.src.rpm
from Mageia 3 Core Updates Testing to Core Updates.

Advisory: Updated libvirt packages fix security vulnerability:

It was found that libvirtd leaked file descriptors when listing all volumes
for a particular pool. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause libvirtd to consume all
available file descriptors, preventing other users from using libvirtd
services (such as starting a new guest) until libvirtd is restarted
(CVE-2013-1962).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
https://rhn.redhat.com/errata/RHSA-2013-0831.html

https://bugs.mageia.org/show_bug.cgi?id=10345
Comment 8 Nicolas Vigier 2013-06-06 21:43:18 CEST
Packages have been pushed to updates.

Note You need to log in before you can comment on or make changes to this bug.