Libvirt Security Notice: LSN-2013-0001
======================================

     Summary: Fix crash on error paths of message dispatching
 Reported on: 20130104
Published on: 20130128
    Fixed on: 20130128
 Reported by: Peter Krempa
  Patched by: Peter Krempa
    See also: CVE-2013-0170

Description
-----------

When reading and dispatching of a message failed the message was freed
but was not removed from the message queue. When the connection was
later closed this would result in an attempt to free uninitialized
memory

Impact
------

A malicious user could send an RPC message which intentionally results
in an error and thus cause libvirtd to crash

Workaround
----------

Remove access to libvirtd from untrusted user accounts

Affected product
----------------

      Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

   Branch: master
Broken in: v0.9.7
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v0.10.0
Broken in: v0.10.1
Broken in: v0.10.2
Broken in: v1.0.0
Broken in: v1.0.1
 Fixed in: v1.0.2
Broken by: b2c62316477989f8d728af49bdac8248ab5f5463
 Fixed by: 46532e3e8ed5f5a736a02f67d6c805492f9ca720

   Branch: v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Broken in: v0.9.11.6
Broken in: v0.9.11.7
Broken in: v0.9.11.8
 Fixed in: v0.9.11.9
Broken by: b2c62316477989f8d728af49bdac8248ab5f5463
 Fixed by: d0e1501518e0390c0b3326e2c5bd1fb7e1566414

   Branch: v0.9.12-maint
 Fixed in: v0.9.12.1
Broken by: b2c62316477989f8d728af49bdac8248ab5f5463
 Fixed by: ba92d4a9ca6dba7b59cef01d02da24955d1334cd

   Branch: v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
 Fixed in: v0.10.2.3
Broken by: b2c62316477989f8d728af49bdac8248ab5f5463
 Fixed by: f104a2a6b36aa6f4842c0a64354055657c0df8e2

   Branch: v1.0.0-maint
Broken by: b2c62316477989f8d728af49bdac8248ab5f5463

   Branch: v1.0.1-maint
Broken by: b2c62316477989f8d728af49bdac8248ab5f5463
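
Added example (not libvirt source code): a simplified model of the bug class in the Description, where an error path frees a message that is still linked into the connection's queue, next to the hardened ordering that unlinks it first. All struct and function names here are hypothetical, and the sample scenario is constructed.

```c
#include <stdlib.h>

/* Hypothetical, simplified model of a per-connection message queue. */
struct msg { struct msg *next; };
struct conn { struct msg *head; };

static struct msg *queue_push(struct conn *c) {
    struct msg *m = calloc(1, sizeof(*m));
    if (!m) return NULL;
    m->next = c->head;
    c->head = m;
    return m;
}

/* Unlink m from the queue; returns 1 if it was queued. */
static int queue_remove(struct conn *c, struct msg *m) {
    for (struct msg **pp = &c->head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; return 1; }
    return 0;
}

/* Dispatch error path. unlink_first == 0 is the flawed pattern: the message is
 * freed while still queued, so conn_close() would later free stale memory. */
static void dispatch_failed(struct conn *c, struct msg *m, int unlink_first) {
    if (unlink_first)
        queue_remove(c, m);  /* hardened: drop the queue's reference first */
    free(m);
}

/* Connection teardown frees whatever is still queued; returns the count. */
static int conn_close(struct conn *c) {
    int n = 0;
    while (c->head) {
        struct msg *m = c->head;
        c->head = m->next;
        free(m); n++;
    }
    return n;
}

/* Constructed scenario: three queued messages, the second fails dispatch. */
static int demo_hardened(void) {
    struct conn c = { NULL };
    struct msg *a = queue_push(&c), *bad = queue_push(&c), *b = queue_push(&c);
    if (!a || !bad || !b) return -1;
    dispatch_failed(&c, bad, 1);
    return conn_close(&c);   /* only the two remaining messages are freed */
}

int main(void) { return demo_hardened() == 2 ? 0 : 1; }
```

Only the hardened path is exercised; calling dispatch_failed() with unlink_first set to 0 and then conn_close() is undefined behaviour, which is what tools such as AddressSanitizer flag in this pattern.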