910860 – (CVE-2014-8135) VUL-0: CVE-2014-8135: libvirt: local denial of service in storage/storage_driver.c

Bug 910860 (CVE-2014-8135) - VUL-0: CVE-2014-8135: libvirt: local denial of service in storage/storage_driver.c

Summary: VUL-0: CVE-2014-8135: libvirt: local denial of service in storage/storage_dri...

Status:	RESOLVED FIXED

Alias:	CVE-2014-8135

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.2

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/111741/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-12-19 16:42 UTC by Alexander Bergmann
Modified:	2015-02-12 12:24 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2014-12-19 16:42:26 UTC

rh#1176182

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-8135 to
the following vulnerability:

Name: CVE-2014-8135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135
Assigned: 20141010
Reference: http://secunia.com/advisories/61111

The storageVolUpload function in storage/storage_driver.c in libvirt
does not check a certain return value, which allows local users to
cause a denial of service (NULL pointer dereference and daemon crash)
via a crafted offset value in a "virsh vol-upload" command.

Upstream commit that addresses this issue:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1176182
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135

Comment 1 Swamp Workflow Management 2014-12-19 23:00:53 UTC

bugbot adjusting priority

Comment 2 James Fehlig 2014-12-19 23:59:42 UTC

Affects openSUSE13.1, openSUSE13.2, and SLE12.  Factory is fixed by the update to libvirt 1.2.11.

Comment 3 James Fehlig 2014-12-20 00:18:47 UTC

(In reply to James Fehlig from comment #2)
> Affects openSUSE13.1, openSUSE13.2, and SLE12.  Factory is fixed by the
> update to libvirt 1.2.11.

Opps, I was wrong about the affected products.  The bug was introduced in commit 4a85bf3e, which first showed up in libvirt 1.2.8.  So only openSUSE13.2 is affected.

Comment 4 James Fehlig 2014-12-20 00:27:00 UTC

Patch backported and queued in Virtualization:openSUSE13.2/libvirt.

Comment 5 James Fehlig 2014-12-22 05:16:48 UTC

Updated libvirt package submitted for openSUSE13.1, MR#266111.  Reassigning to security-team...

Comment 6 Swamp Workflow Management 2015-01-02 09:09:27 UTC

openSUSE-SU-2015:0008-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 904432,909274,910860,910862
CVE References: CVE-2014-8131,CVE-2014-8135,CVE-2014-8136
Sources used:
openSUSE 13.2 (src):    libvirt-1.2.9-8.1

Comment 7 Johannes Segitz 2015-02-12 12:24:25 UTC

update released