Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <51D1D34B.4050203@redhat.com>
Date: Mon, 01 Jul 2013 13:06:51 -0600
From: Eric Blake <eblake@...hat.com>
To: kseifried@...hat.com
CC: oss-security@...ts.openwall.com, libvirt-security@...hat.com
Subject: Re: [Libvirt-Security] CVE-2013-2218 -- libvirt: crash
 when listing network interfaces with filters

On 07/01/2013 12:49 PM, Kurt Seifried wrote:
> On 07/01/2013 09:21 AM, Petr Matousek wrote:
>> The virConnectListAllInterfaces method has a double-free of the 
>> 'struct netcf_if' object when any of the filtering flags cause an
>> interface to be skipped over. For example when running the command
>> 'virsh iface-list --inactive'
> 
>> Upstream fix: 
>> http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
> 
>>  References: https://bugzilla.redhat.com/show_bug.cgi?id=980112
> 
>> Thanks,
> 
> 
> Please use CVE-2013-2229 for this issue.

No, we already assigned CVE-2013-2218 to this issue.  CVE-2013-2229
should be closed as a mistake, or reused for some other purpose.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


Download attachment "signature.asc" of type "application/pgp-signature" (622 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.