Bugzilla – Bug 868943
VUL-0: CVE-2013-7336: libvirt: unprivileged user can crash libvirtd during spice migration
Last modified: 2015-02-19 01:48:40 UTC
via oss-sec / rh bugzilla

Domblkstat is possible even with read-only connection, so whenever migration with spice is done and domblkstat gets called at the same time as qemuMonitorGetSpiceMigrationStatus(), there is certain possibility that the daemon crashes. An unprivileged user able to issue commands to running libvirtd could use this flaw to crash libvirtd and prevent more privileged clients from working correctly.

Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321

Acknowledgements: This issue was discovered by Marian Krcmarik of Red Hat.

References: https://bugzilla.redhat.com/show_bug.cgi?id=1077620
The fix has been in libvirt since release 1.1.3, so it looks like this affects openSUSE12.3 and 13.1. We don't support SPICE in SLE11, so nothing to be done there.
bugbot adjusting priority
Oops, I got it wrong about when this issue was introduced. It was introduced in v1.1.0 by commit 9da7b11b and fixed in v1.1.3 by commit 484cc321, so only openSUSE13.1 is affected.
Heh, this bug is actually a duplicate of bnc#842301, which was fixed some time ago. Nonetheless, I changed the name of the patch to include the CVE number and have submitted a maintenance request for openSUSE13.1 to fix bnc#852005 and bnc#857490, the latter being CVE-2013-6456. MR#227061. I'll defer closing this as duplicate to the security team.
close *** This bug has been marked as a duplicate of bug 842301 ***
openSUSE-SU-2014:0593-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 852005,857490,868943,871154,873103
CVE References: CVE-2013-6456,CVE-2013-7336
Sources used: openSUSE 13.1 (src): libvirt-1.1.2-2.26.1
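An affected-version check built from what the comments above establish, added here as an example and not code from the bug or from libvirt: the upstream vulnerable range is v1.1.0 up to but not including v1.1.3, while the openSUSE 13.1 package libvirt-1.1.2-2.26.1 carries the backported fix despite an upstream version inside that range, so a bare version comparison gives a false positive. Treating any release at or above 2.26.1 of that package as fixed, and the RPM name-version-release layout, are assumptions of the example.

```python
import re
from typing import Optional, Tuple

# Upstream range from the comments: introduced in v1.1.0 (commit 9da7b11b),
# fixed in v1.1.3 (commit 484cc321).
INTRODUCED = (1, 1, 0)
FIXED = (1, 1, 3)

# Distro packages whose release carries the backported fix (from the advisory
# on this page). Assumption: any later release of the same version is fixed too.
FIXED_RELEASES = {
    ("openSUSE 13.1", "libvirt", "1.1.2"): "2.26.1",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v1.1.2' or '2.26.1' into a tuple that compares numerically."""
    return tuple(int(p) for p in v.lstrip("v").split("."))


def upstream_affected(version: str) -> bool:
    """True when an unpatched upstream build of this version has the race."""
    return INTRODUCED <= parse_version(version) < FIXED


def parse_rpm_nvr(nvr: str) -> Tuple[str, str, str]:
    """Split 'libvirt-1.1.2-2.26.1' into (name, version, release)."""
    m = re.fullmatch(r"(.+)-([^-]+)-([^-]+)", nvr)
    if not m:
        raise ValueError(f"not a name-version-release string: {nvr!r}")
    return m.group(1), m.group(2), m.group(3)


def package_affected(distro: str, nvr: str) -> Optional[bool]:
    """None for packages other than libvirt; otherwise whether it is affected,
    taking a known backported fix into account before the version range."""
    name, version, release = parse_rpm_nvr(nvr)
    if name != "libvirt":
        return None
    fixed_release = FIXED_RELEASES.get((distro, name, version))
    if fixed_release is not None and parse_version(release) >= parse_version(fixed_release):
        return False
    return upstream_affected(version)
```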