libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash

Debian Bug report logs - #734556
libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash

Date: Wed, 08 Jan 2014 07:16:18 +0100

Package: libvirt
Severity: grave
Tags: security upstream patch fixed-upstream

Hi Guido,

Disclaimer: I have not checked to reproduce the crash, just shortly
checked latest unstable version. Have set grave as per "[...] could
allow an attacker who is able to establish a read-only connection to
libvirtd to crash libvirtd".

the following vulnerability was published for libvirt.

CVE-2013-6458[0]:
job usage issue in several APIs leading to libvirtd crash

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
    http://security-tracker.debian.org/tracker/CVE-2013-6458
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1048631
[2] http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
    (upstream fix)

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #10 received at 734556@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: Salvatore Bonaccorso <carnil@debian.org>, 734556@bugs.debian.org

Subject: Re: [Pkg-libvirt-maintainers] Bug#734556: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash

Date: Thu, 9 Jan 2014 08:54:21 +0100

On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> Package: libvirt
> Severity: grave
> Tags: security upstream patch fixed-upstream
> 
> Hi Guido,
> 
> Disclaimer: I have not checked to reproduce the crash, just shortly
> checked latest unstable version. Have set grave as per "[...] could
> allow an attacker who is able to establish a read-only connection to
> libvirtd to crash libvirtd".

I do think it affects all releases.
Cheers,
 -- Guido

> 
> the following vulnerability was published for libvirt.
> 
> CVE-2013-6458[0]:
> job usage issue in several APIs leading to libvirtd crash
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
>     http://security-tracker.debian.org/tracker/CVE-2013-6458
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1048631
> [2] http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
>     (upstream fix)
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
> 

Message #15 received at 734556-close@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: 734556-close@bugs.debian.org

Subject: Bug#734556: fixed in libvirt 1.2.1~rc1-1

Date: Thu, 09 Jan 2014 09:19:27 +0000

Source: libvirt
Source-Version: 1.2.1~rc1-1

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 734556@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 09 Jan 2014 08:23:57 +0100
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev libvirt-sanlock
Architecture: source i386 all
Version: 1.2.1~rc1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - library for interfacing with different virtualization systems
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
Closes: 734556
Changes: 
 libvirt (1.2.1~rc1-1) experimental; urgency=medium
 .
   [ Laurent Bigonville ]
   * [f6b0feb] Pass --with-selinux-mount=/sys/fs/selinux to ./configure.
     The buildd are not running selinux and this make the auto-detection code
     defaults to /selinux which is actually not existing anymore in sid.
     This complete the fix for SELinux support.
 .
   [ Guido Günther ]
   * Upload to experimental
   * [20d9129] Enable parallel build support.
     Thanks to Felix Geyer for pointing this out
   * [0d0590e] New upstream version 1.2.1~rc1. Fixes CVE-2013-6458
     (Closes: #734556)
   * [a3f978b] Bump symbol versions
   * [0a6a276] Rediff patches.
     Dropped (fixed upstream):
       security-fix-crash-in-lxcDomainGetMemoryParameters.patch
       security-fix-crash-in-lxcDomainSetMemoryParameters.patch
   * [3061b11] Build with apparmor support.
     Note that this isn't enough to run with apparmor support since the
     profiles will need more work but it makes testing this a lot simpler.
     This is heavily based on a patch by Felix Geyer.
     See: #725144
Checksums-Sha1: 
 25c3c7a81cc2e006bfc6e1c7d903971830faca68 2614 libvirt_1.2.1~rc1-1.dsc
 ff8c8769f20fb2d6c92bbf6769b5d7a4248e05bb 27094280 libvirt_1.2.1~rc1.orig.tar.gz
 06f6f7ee7e1cdfa294d58ada0fc5b75650b072c3 44230 libvirt_1.2.1~rc1-1.debian.tar.gz
 a5542ab0b7064967d278be488b95145537a35dc6 3556670 libvirt-bin_1.2.1~rc1-1_i386.deb
 eb31792bc9a86bef698b6e1a4a2f47ebf39b49b4 2503934 libvirt0_1.2.1~rc1-1_i386.deb
 cdc2ff56d8ae1a597f170af7687d3a5928b60aca 7745244 libvirt0-dbg_1.2.1~rc1-1_i386.deb
 51009fe17eabe8dbdc5aa30a78073a060ab97fd3 2751810 libvirt-doc_1.2.1~rc1-1_all.deb
 ecbdff790ca113146874c5cda1edc6f217181f60 1814106 libvirt-dev_1.2.1~rc1-1_i386.deb
 ccc09b09b915225f0ee0da7659149d2cd03c0215 1747024 libvirt-sanlock_1.2.1~rc1-1_i386.deb
Checksums-Sha256: 
 d2a1cdbd70eddf1a9df57024d5fcefefecdbc305cce5a65b70e3ee9779370509 2614 libvirt_1.2.1~rc1-1.dsc
 00bcd6f9874b78872224658bd4a795bf2cca3d57149779ff9111e00f246858ca 27094280 libvirt_1.2.1~rc1.orig.tar.gz
 21f670df0564570d07cd93df8c89af8a4d6c6adbb9dc5aa6af2bcb085a3b5708 44230 libvirt_1.2.1~rc1-1.debian.tar.gz
 5cf3ff7e1fe1c502c0f1c455851fd9bd9ef14ad34d7eb04b8e5d73bf8d60d5f0 3556670 libvirt-bin_1.2.1~rc1-1_i386.deb
 2bd9a076198694c7bdfa82208c0ea9fc04beb94efc32a88e097bf7a08edf0ef5 2503934 libvirt0_1.2.1~rc1-1_i386.deb
 4930b4ec1e20176d133166b42af3de09304e87a724b075d6fea26c7a2d7166bc 7745244 libvirt0-dbg_1.2.1~rc1-1_i386.deb
 3a31bba607f3743a5fd9bf97a000df63a47187775482d68a753b813fe14df7a8 2751810 libvirt-doc_1.2.1~rc1-1_all.deb
 c44e688ef120106b3d77044acd34c69d9368984c65a55168e92a717d7bcb1ab2 1814106 libvirt-dev_1.2.1~rc1-1_i386.deb
 ca093552141819f11b1751c1d420fa2441c5af8805c3c2554005be357ce6ae8f 1747024 libvirt-sanlock_1.2.1~rc1-1_i386.deb
Files: 
 aca75acb7a6124ee4faaf3aa5cb0f62b 2614 libs optional libvirt_1.2.1~rc1-1.dsc
 c3a03a9594cd42ab39de3317d3f359e6 27094280 libs optional libvirt_1.2.1~rc1.orig.tar.gz
 0759c83a976d8b863de7d6973ec49d33 44230 libs optional libvirt_1.2.1~rc1-1.debian.tar.gz
 1c117ff1171e6536655449eadf02d712 3556670 admin optional libvirt-bin_1.2.1~rc1-1_i386.deb
 4538ad204f30fb3f297f26d729f8d6cb 2503934 libs optional libvirt0_1.2.1~rc1-1_i386.deb
 dd20b156ce43dd25b4603c1edf7ac37b 7745244 debug extra libvirt0-dbg_1.2.1~rc1-1_i386.deb
 c85020541b7d83349a37a4979e6870ed 2751810 doc optional libvirt-doc_1.2.1~rc1-1_all.deb
 fa378a2b25e2ee9c27d2c1ae3a9c4da2 1814106 libdevel optional libvirt-dev_1.2.1~rc1-1_i386.deb
 eaf2edcafc08c3b1079a0e1fcbcc6604 1747024 libs extra libvirt-sanlock_1.2.1~rc1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iD8DBQFSzl4On88szT8+ZCYRAvwfAJ4md40WN9/HOO9uEXG9z1MuBjGm3ACfSvZJ
oPgvZAj+I2ly6GD3cCXc4uw=
=87fR
-----END PGP SIGNATURE-----

Message #20 received at 734556@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Guido Günther <agx@sigxcpu.org>, 734556@bugs.debian.org

Subject: Re: Bug#734556: [Pkg-libvirt-maintainers] Bug#734556: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash

Date: Fri, 10 Jan 2014 03:07:49 +0100

Hi Guido,

On Thu, Jan 09, 2014 at 08:54:21AM +0100, Guido Günther wrote:
> On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> > Package: libvirt
> > Severity: grave
> > Tags: security upstream patch fixed-upstream
> > 
> > Hi Guido,
> > 
> > Disclaimer: I have not checked to reproduce the crash, just shortly
> > checked latest unstable version. Have set grave as per "[...] could
> > allow an attacker who is able to establish a read-only connection to
> > libvirtd to crash libvirtd".
> 
> I do think it affects all releases.

Thanks for checking already (and the fix to experimental). Adding the
found information for the BTS.

Regards,
Salvatore

Message #31 received at 734556-close@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: 734556-close@bugs.debian.org

Subject: Bug#734556: fixed in libvirt 0.9.12.3-1

Date: Tue, 21 Jan 2014 21:17:31 +0000

Source: libvirt
Source-Version: 0.9.12.3-1

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 734556@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 16 Jan 2014 11:05:59 +0100
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.9.12.3-1
Distribution: stable-security
Urgency: medium
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 729331 734556
Changes: 
 libvirt (0.9.12.3-1) stable-security; urgency=medium
 .
   * [0a01d0a] New upstream version 0.9.12.3
     Fixes CVE-2013-6458 and CVE-2014-1447
     (Closes: #734556)
   * [43817d5] Don't fail chmod/chdir if a file doesn't exist.
   * [753faf6] Check correct dirs for existence (Closes: #729331)
   * [3ed9278] Update symbols
 .
 libvirt (0.9.12.2-1) wheezy-proposed-updates; urgency=low
 .
   * [77a7135] Adjust gbp.conf for Wheezy point releases
   * [b457e3f] New upstream version 0.9.12.1
   * [ae6e265] New upstream version 0.9.12.2
   * [2d07b5c] Drop patches fixed upstream.
         Include-stdint.h-for-uint32_t.patch
         Revert-rpc-Discard-non-blocking-calls-only-when-nece.patch
         fix-leak-virStorageBackendLogicalMakeVol.patch
         qemu-Add-support-for-no-user-config.patch
         qemu-Fix-off-by-one-error-while-unescaping-monitor-s.patch
         rpc-Fix-crash-on-error-paths-of-message-dispatching.patch
         security/CVE-2012-3445.patch
         security/Fix-crash-in-remoteDispatchDomainMemoryStats.patch
         security/security-Fix-libvirtd-crash-possibility.patch
         upstream/Fix-libvirtd-crash-when-destroying-a-domain-with-att.patch
         upstream/Fix-race-condition-when-destroying-guests.patch
Checksums-Sha1: 
 fe62aa19c8610e2eb6297479ecfea650423a9fa4 2290 libvirt_0.9.12.3-1.dsc
 73e72812a3d3c1a096b515dc01803bdbff7c595a 19576862 libvirt_0.9.12.3.orig.tar.gz
 f2fc688790c8ddc2a78ffda44a19b2184360d48d 37957 libvirt_0.9.12.3-1.debian.tar.gz
 53de06026213246da78804bf8e581f2cb314cd4c 2190468 libvirt-doc_0.9.12.3-1_all.deb
 371e0c3b63aae1fd15ec7171f57a95312e74c160 2500248 libvirt-bin_0.9.12.3-1_i386.deb
 7a4fc2bd552e88672394cb00326b4dbf6f2ad643 2135130 libvirt0_0.9.12.3-1_i386.deb
 b21540107d1b2ee816f2c3695f5798ffa0ba61b2 7851842 libvirt0-dbg_0.9.12.3-1_i386.deb
 42807187658e88a3cd9434cd76908417efe9e670 2514934 libvirt-dev_0.9.12.3-1_i386.deb
 162fe6e4944e33baa72f088f3db306cfacc1f10b 1432330 python-libvirt_0.9.12.3-1_i386.deb
Checksums-Sha256: 
 98ef20adac7c3b2b0c1174a57c0b6aeb24a95ed4b1f2d4b4d61f09bb5eee598a 2290 libvirt_0.9.12.3-1.dsc
 404afb7fdd23d8f36645cffc77fecfed40d60617f8bcae707ac3b9f7925fc0fb 19576862 libvirt_0.9.12.3.orig.tar.gz
 6b6123ef81c63b0c443965784581fad9a315f76731fbef885b786abffa42643c 37957 libvirt_0.9.12.3-1.debian.tar.gz
 82f1888ff877ce6c6843e1985ca3d854185186c926494adbd9fd8394d6c30ccf 2190468 libvirt-doc_0.9.12.3-1_all.deb
 bfa06a08cb3a01e06186833985707b6c3d651eae29a394cba3e6b6a47b185233 2500248 libvirt-bin_0.9.12.3-1_i386.deb
 62b4b81befa01db6fb042173f13087fafc75850c0d50acf1f2bb3ccd8fd1cc8b 2135130 libvirt0_0.9.12.3-1_i386.deb
 dde1ec326bc050a3ea3a74f5ea5fda2530e43aecd0bf504d071892685c1fb8bb 7851842 libvirt0-dbg_0.9.12.3-1_i386.deb
 3f9abeae8209af2a6df60a3050eabf24bc29257c8f9a9e19f9f916bdd61c6c82 2514934 libvirt-dev_0.9.12.3-1_i386.deb
 99f6d25202997a77dad95312f8e54919c2250147036d14943dd146e49f819105 1432330 python-libvirt_0.9.12.3-1_i386.deb
Files: 
 f84d1e8622b2b1f3a04d2100fea044af 2290 libs optional libvirt_0.9.12.3-1.dsc
 0f596bceec120df4cd5aecb8f0128d5d 19576862 libs optional libvirt_0.9.12.3.orig.tar.gz
 fb20bdca06c39f20b062fd15a03e4490 37957 libs optional libvirt_0.9.12.3-1.debian.tar.gz
 f1169e17159ae16860318710276a6b75 2190468 doc optional libvirt-doc_0.9.12.3-1_all.deb
 bcf0058d65185c0fb39431f09ada8d8a 2500248 admin optional libvirt-bin_0.9.12.3-1_i386.deb
 df5b3860600ca2d4972d86d8b3d9bdab 2135130 libs optional libvirt0_0.9.12.3-1_i386.deb
 20e4fb90d342a6fd9a9b1337bae33fde 7851842 debug extra libvirt0-dbg_0.9.12.3-1_i386.deb
 8525d062646d5782855c289086070250 2514934 libdevel optional libvirt-dev_0.9.12.3-1_i386.deb
 25131a9f7e3f6b681c4d4f647e389465 1432330 python optional python-libvirt_0.9.12.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iD8DBQFS2Fbkn88szT8+ZCYRAmPUAJ9w4AQDJdRuauPAyyhGcHjCGwaWEACfRgMP
fz6S7i0qXXYr19S9A83Viks=
=KFx/
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.