Bugzilla – Bug 858817
VUL-0: CVE-2014-1447: libvirt: denial of service with keepalive
Last modified: 2015-02-19 01:46:45 UTC
Via OSS-sec: ------8<------------- On Thu, Jan 09, 2014 at 02:58:06PM -0700, Eric Blake wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1047577 is a publicly > reported bug that details a libvirtd crash caused by a race when > keepalive is requested but the connection is closed prior to > establishing connection credentials. Since this crash occurs before > libvirtd can distinguish between read-only vs. read-write clients, it > can be used as a denial of service attack by read-only clients, and > therefore needs a CVE. Upstream patches: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c291 http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef ----------8<---------- CVE-2014-1447 mitre also assigned CVE-2014-1448, but upstream refused to accept a second assignment for basically the same bug.
bugbot adjusting priority
This issue affects libvirt versions 0.9.8 through 1.2.0 inclusive, meaning openSUSE12.3, 13.1, Factory, SLE11 SP3, and SLE12. For Factory and SLE12, the issue is fixed by updating to libvirt 1.2.1. For openSUSE13.1, I've backported the fix and have it queued for a future maintenance update in https://build.opensuse.org/package/show/Virtualization:openSUSE13.1/libvirt Still working on the backports for 12.3 and SLE11 SP3...
Ok, I have the backports queued for 12.3 and SLE11 SP3. All affected packages are ready to submit when the security-team is ready.
The SWAMPID for this issue is 56039. This issue was rated as moderate. Please submit fixed packages until 2014-02-11. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
no virnetServer in SLE11 SP1 or older, so these are not affected.
openSUSE-SU-2014:0268-1: An update that solves four vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 817407,857271,857492,858817,858824,859041,859051 CVE References: CVE-2013-6457,CVE-2013-6458,CVE-2014-0028,CVE-2014-1447 Sources used: openSUSE 13.1 (src): libvirt-1.1.2-2.18.3
openSUSE-SU-2014:0270-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 857492,858817 CVE References: CVE-2013-6458,CVE-2014-1447 Sources used: openSUSE 12.3 (src): libvirt-1.0.2-1.14.1
Update released for: libvirt, libvirt-client, libvirt-client-32bit, libvirt-client-64bit, libvirt-client-x86, libvirt-debuginfo, libvirt-debugsource, libvirt-devel, libvirt-devel-32bit, libvirt-devel-64bit, libvirt-doc, libvirt-lock-sanlock, libvirt-python Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SUSE-SU-2014:0318-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 817407,857492,858817 CVE References: CVE-2013-6458,CVE-2014-1447 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): libvirt-1.0.5.9-0.7.1 SUSE Linux Enterprise Server 11 SP3 (src): libvirt-1.0.5.9-0.7.1 SUSE Linux Enterprise Desktop 11 SP3 (src): libvirt-1.0.5.9-0.7.1