Libvirt Security Notice: LSN-2013-0016 ====================================== Summary: Out of bounds access in bitmap array Reported on: 20130816 Published on: 20130816 Fixed on: 20130816 Reported by: Peter Krempa Patched by: Peter Krempa See also: CVE-2013-5651 Description ----------- When parsing bitmap strings the bounds of the array were not checked when determining if the bit was set. This in turn resulted in the parser later crashing Impact ------ A malicious user can cause libvirtd to crash by feeding it data with malformed bitmap strings Workaround ---------- Prevent untrusted users from accessing the libvirtd daemon Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v0.10.2 Broken in: v1.0.0 Broken in: v1.0.1 Broken in: v1.0.2 Broken in: v1.0.3 Broken in: v1.0.4 Broken in: v1.0.5 Broken in: v1.0.6 Broken in: v1.1.0 Broken in: v1.1.1 Fixed in: v1.1.2 Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: 47b9127e883677a0d60d767030a147450e919a25 Branch: v0.10.2-maint Broken in: v0.10.2.1 Broken in: v0.10.2.2 Broken in: v0.10.2.3 Broken in: v0.10.2.4 Broken in: v0.10.2.5 Broken in: v0.10.2.6 Broken in: v0.10.2.7 Fixed in: v0.10.2.8 Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: ecad40d8b84864bee4495d1447902a6206a39a4d Branch: v1.0.0-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Branch: v1.0.1-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Branch: v1.0.2-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Branch: v1.0.3-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Branch: v1.0.4-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: b68a721d45085115d9d1ffd5329aff1fdaf1845a Branch: v1.0.5-maint Broken in: v1.0.5.1 Broken in: v1.0.5.2 Broken in: v1.0.5.3 Broken in: v1.0.5.4 Broken in: v1.0.5.5 Fixed in: v1.0.5.6 Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: 1ffdaced5b041db919ebd3a346c2d1abb8abe074 Branch: v1.0.6-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: c56f17e5435858f30471eb3da3a19a3ccd9d5a3b Branch: v1.1.0-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: 7d7e29bb939e3caabe8ddfef42bb44c0011436f3 Branch: v1.1.1-maint Broken by: 0fc89098a68f0f6962de8be4fc03ddd960ffbf08 Fixed by: 02340c7f67c381395aeede4586bd3b1ff3f5d291