Libvirt Security Notice: LSN-2013-0002
======================================

       Summary: Leak of file descriptors when listing storage volumes
   Reported on: 20130412
  Published on: 20130516
      Fixed on: 20130516
   Reported by: Ján Tomko
    Patched by: Ján Tomko
      See also: CVE-2013-1962

Description
-----------

When listing storage volumes an object was not freed, which caused a
libvirt connection to be kept open inside libvirtd. This caused a leak
of file descriptors which would eventually exhaust the allowed range.

Impact
------

A client with a read only connection to libvirtd can cause exhaustion
of all file descriptors in libvirtd resulting in a denial of service

Workaround
----------

Prevent untrusted users from accessing libvirtd

Affected product
----------------

      Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

   Branch: master
Broken in: v0.10.2
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
 Fixed in: v1.0.6
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
 Fixed by: ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739

   Branch: v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
Broken in: v0.10.2.3
Broken in: v0.10.2.4
 Fixed in: v0.10.2.5
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
 Fixed by: 0f2eda0da9efd25b280c23a5a0d0fdf46f0c3c67

   Branch: v1.0.0-maint
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1

   Branch: v1.0.1-maint
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1

   Branch: v1.0.2-maint
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
 Fixed by: 89c74908954ede64756faaf6f3e6ebc0d425c6f9

   Branch: v1.0.3-maint
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
 Fixed by: 7d5e3f026603d7e6d78254e972332fdd6b234863

   Branch: v1.0.4-maint
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
 Fixed by: 24317824e01013209157a58f6130eecb873a3fba

   Branch: v1.0.5-maint
 Fixed in: v1.0.5.1
Broken by: a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1
 Fixed by: 71e7f1392bbc42699b79adcbe8bb34d32cb8e442
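
A monitoring check for the failure mode described in this notice, added here as an example; it is not part of the notice or of libvirt. It compares the number of open descriptors held by libvirtd with the daemon's soft "Max open files" limit. The Linux /proc layout, the process name "libvirtd" and the 0.8 alarm threshold are assumptions.

```python
import os
import re
import sys

def soft_nofile_limit(limits_text):
    """Soft 'Max open files' value from /proc/<pid>/limits text (None if unlimited)."""
    for line in limits_text.splitlines():
        m = re.match(r"Max open files\s+(\S+)\s+(\S+)", line)
        if m:
            return None if m.group(1) == "unlimited" else int(m.group(1))
    raise ValueError("no 'Max open files' row found")

def find_pids(name, proc_root="/proc"):
    """PIDs whose /proc/<pid>/comm equals name."""
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                if fh.read().strip() == name:
                    pids.append(int(entry))
        except OSError:
            continue  # process exited while we were scanning
    return sorted(pids)

def fd_usage(pid, proc_root="/proc"):
    """Return (open_fds, soft_limit) for one process."""
    base = os.path.join(proc_root, str(pid))
    with open(os.path.join(base, "limits")) as fh:
        limit = soft_nofile_limit(fh.read())
    return len(os.listdir(os.path.join(base, "fd"))), limit

def check(name="libvirtd", threshold=0.8, proc_root="/proc"):
    """Return [(pid, open_fds, limit, alarm)]; alarm means usage >= threshold * limit."""
    rows = []
    for pid in find_pids(name, proc_root):
        try:
            used, limit = fd_usage(pid, proc_root)
        except OSError:
            continue  # not permitted to read the fd directory, or process gone
        rows.append((pid, used, limit, limit is not None and used >= threshold * limit))
    return rows

if __name__ == "__main__":
    rows = check()
    for pid, used, limit, alarm in rows:
        print(f"libvirtd pid={pid} fds={used}/{limit} {'ALARM' if alarm else 'ok'}")
    sys.exit(1 if any(r[3] for r in rows) else 0)
```

Run it on a schedule with enough privilege to read the daemon's /proc entries. A count that keeps climbing between runs is the pattern this notice describes.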