RedHat has issued an advisory on May 16: https://rhn.redhat.com/errata/RHSA-2013-0831.html Patched packages uploaded by Funda for Mageia 3 and Cauldron. Advisory: ======================== Updated libvirt packages fix security vulnerability: It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services (such as starting a new guest) until libvirtd is restarted (CVE-2013-1962). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962 https://rhn.redhat.com/errata/RHSA-2013-0831.html ======================== Updated packages in core/updates_testing: ======================== libvirt0-1.0.2-7.1.mga3 libvirt-devel-1.0.2-7.1.mga3 python-libvirt-1.0.2-7.1.mga3 libvirt-utils-1.0.2-7.1.mga3 from libvirt-1.0.2-7.1.mga3.src.rpm Reproducible: Steps to Reproduce:
CC: (none) => fundawangBlocks: (none) => 6526
This can be tested using virt-manager # systemctl start libvirtd.service $ virt-manager
Whiteboard: (none) => has_procedure
Testing mga3 64
Testing complete mga3 64
Whiteboard: has_procedure => has_procedure mga3-64-ok
I'm having problems with this in i586 but I probably don't have the best hardware to test it with. When I go to select an iso to install and click on Browse Local, there is a long pause and it eventually says it disconnected from qemu. It does open the file selected dialog but selecting one does nothing as it's disconnected from libvirt. Not a regression though.
In fact, not even related. virt-manager is a separate package..
(In reply to claire robinson from comment #5) > In fact, not even related. virt-manager is a separate package.. Confirmed the problem on i586. Workaround is to copy/paste the /path/filename.iso.
CC: (none) => davidwhodgins
Testing complete on Mageia 3 i586, using virt-viewer. Could someone from the sysadmin team push the srpm libvirt-1.0.2-7.1.mga3.src.rpm from Mageia 3 Core Updates Testing to Core Updates. Advisory: Updated libvirt packages fix security vulnerability: It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services (such as starting a new guest) until libvirtd is restarted (CVE-2013-1962). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962 https://rhn.redhat.com/errata/RHSA-2013-0831.html https://bugs.mageia.org/show_bug.cgi?id=10345
Keywords: (none) => validated_updateWhiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok MGA3-32-OKCC: (none) => sysadmin-bugs
Packages have been pushed to updates.
Status: NEW => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
CC: boklm => (none)