Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-4153 CVE-2013-4154

Source

Debian Bug report logs - #717354
libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs()

Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>;

Reported by: Henri Salo <henri@nerv.fi>

Date: Fri, 19 Jul 2013 17:51:01 UTC

Severity: important

Tags: fixed-upstream, security

Found in version 1.1.0-3

Fixed in version libvirt/1.1.0-4

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#717354; Package libvirt. (Fri, 19 Jul 2013 17:51:05 GMT) (full text, mbox, link).

Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 19 Jul 2013 17:51:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Package: libvirt
Version: 1.1.0-3
Severity: important
Tags: security, fixed-upstream

Please see http://openwall.com/lists/oss-security/2013/07/19/11 for details,
thanks.

---
Henri Salo

[signature.asc (application/pgp-signature, inline)]

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Sat, 20 Jul 2013 12:21:18 GMT) (full text, mbox, link).

Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sat, 20 Jul 2013 12:21:18 GMT) (full text, mbox, link).

Message #10 received at 717354-close@bugs.debian.org (full text, mbox, reply):

Source: libvirt
Source-Version: 1.1.0-4

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 717354@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 20 Jul 2013 09:58:29 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt libvirt-sanlock
Architecture: source i386 all
Version: 1.1.0-4
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - library for interfacing with different virtualization systems
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 717354 717355
Changes: 
 libvirt (1.1.0-4) unstable; urgency=low
 .
   * [22913a0] Skip tests on all architectures except for i386 and amd64 as we
     did with cdbs
   * [23a28f2] CVE-2013-4153: qemu: Fix double free of returned JSON array in
     qemuAgentGetVCPUs() Thanks to Peter Krempa (Closes: #717354)
   * [85b5fda] CVE-2013-4154: qemu: Prevent crash of libvirtd without guest
     agent configuration.  Thanks to Alex Jia (Closes: #717355)
Checksums-Sha1: 
 2f1d42c1709080ea3ff30818a8132b293c610825 2511 libvirt_1.1.0-4.dsc
 8fed0968fa54f949216ccd5e4f50d4699cbc2e99 42676 libvirt_1.1.0-4.debian.tar.gz
 a4a27d2b39649de7d428c7852eb51009b30a7543 4094698 libvirt-bin_1.1.0-4_i386.deb
 d9abf5f94d6683fbe5959a4a4707d50c671fc00f 2387042 libvirt0_1.1.0-4_i386.deb
 d1ebad9576a161eba9ecd880c9c906fcb28df68b 10596486 libvirt0-dbg_1.1.0-4_i386.deb
 c41d1ed376f1c65723d536419bf32736a7478675 2749780 libvirt-doc_1.1.0-4_all.deb
 5e9703602c30aeff2e060bd5ed9c8da5397acfcb 1512530 libvirt-dev_1.1.0-4_i386.deb
 7e2199086dbc6935e25b1dcb4e9742f22df476eb 1679300 python-libvirt_1.1.0-4_i386.deb
 0c5fd9ef4fe626293e8a6aa2a265e1ae0bc7ec82 1507338 libvirt-sanlock_1.1.0-4_i386.deb
Checksums-Sha256: 
 702d1e43f6cdba260cf2b8de4d4520243f2f6f218b9cd46ecfbea9c4e9714704 2511 libvirt_1.1.0-4.dsc
 565b99a5aaa181632727b45f3c23d5eeb6f80a7d6fc0f07d469fbfd3a09af0cc 42676 libvirt_1.1.0-4.debian.tar.gz
 a1cf29cf6177d2dcce0745fcecd6d0ef071058f86ca9f231ff44525d8f2f1fad 4094698 libvirt-bin_1.1.0-4_i386.deb
 baf91442fd456d5cac9f3add50c3abef46009ebfcbb901f727e28ed85e4c1e24 2387042 libvirt0_1.1.0-4_i386.deb
 97046b03e301c8b3d28c6829daa0044d13b6233ba7f246c4514d409f8b0e0ae7 10596486 libvirt0-dbg_1.1.0-4_i386.deb
 59367bfc9a2ce555b745de2a10f75ac5c8ceb60b0e111864fac0a6846c2d0e2e 2749780 libvirt-doc_1.1.0-4_all.deb
 6821be944eb16634796be0542e57dd90d109df4ca0ab281eb19c44737a5976bc 1512530 libvirt-dev_1.1.0-4_i386.deb
 321c8241f1c580fbb60e41da1d87f2e6fb3ee61b1b8f6bdf9b411e084f88d4d8 1679300 python-libvirt_1.1.0-4_i386.deb
 44cb4650d1119b5b3ae3a95e6b9f572fa1537e379e5d4473a777e79a7e7b9730 1507338 libvirt-sanlock_1.1.0-4_i386.deb
Files: 
 8b8aabc3b780484295a3fd671b03d508 2511 libs optional libvirt_1.1.0-4.dsc
 e4b53e88c6082a8d06b59d50df12a78b 42676 libs optional libvirt_1.1.0-4.debian.tar.gz
 b5ee517c1c08eeb88c4eeff998ebf15c 4094698 admin optional libvirt-bin_1.1.0-4_i386.deb
 35fe74c88bc82ce4a93e7786a06c7a29 2387042 libs optional libvirt0_1.1.0-4_i386.deb
 cbeaf4df57666356fb984f3036512495 10596486 debug extra libvirt0-dbg_1.1.0-4_i386.deb
 d338af4db834d767ea80af415c984406 2749780 doc optional libvirt-doc_1.1.0-4_all.deb
 feffcf7f389ae00f205a12c67cb085fa 1512530 libdevel optional libvirt-dev_1.1.0-4_i386.deb
 769ec2b26bfccca89c397a94770a3250 1679300 python optional python-libvirt_1.1.0-4_i386.deb
 2400bad4cea2a1d69a7d250af6bb7bee 1507338 libs extra libvirt-sanlock_1.1.0-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR6lrxn88szT8+ZCYRAquqAJ9nqRVW/9lZpYvOcu64BoPTvEzbjwCfZ+0A
vym+pbe77fqbJMjaaT/LQr4=
=IPp7
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 18 Aug 2013 07:36:30 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:27:53 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs()

Debian Bug report logs - #717354
libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs()

Vulmon Search

About

Products

Connect

libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs()

Debian Bug report logs - #717354 libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs()

Vulmon Search

About

Products

Connect

Debian Bug report logs - #717354
libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs()