[SECURITY] [DSA 2764-1] libvirt security update

2013-09-2519:07:58

lists.debian.org

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Debian Security Advisory DSA-2764-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
September 25, 2013 http://www.debian.org/security/faq

Package : libvirt
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-4296

Daniel P. Berrange discovered that incorrect memory handling in the
remoteDispatchDomainMemoryStats() function could lead to denial of
service.

The oldstable distribution (squeeze) is not affected.

For the stable distribution (wheezy), this problem has been fixed in
version 0.9.12-11+deb7u4. This update also includes some non-security
related bugfixes scheduled for the upcoming Wheezy 7.2 point release.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libvirt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7i386libvirt-bin< 0.9.12-11+deb7u4libvirt-bin_0.9.12-11+deb7u4_i386.deb
Debian7kfreebsd-i386libvirt-dev< 0.9.12-11+deb7u4libvirt-dev_0.9.12-11+deb7u4_kfreebsd-i386.deb
Debian7armhflibvirt0-dbg< 0.9.12-11+deb7u4libvirt0-dbg_0.9.12-11+deb7u4_armhf.deb
Debian7kfreebsd-amd64libvirt0-dbg< 0.9.12-11+deb7u4libvirt0-dbg_0.9.12-11+deb7u4_kfreebsd-amd64.deb
Debian7s390python-libvirt< 0.9.12-11+deb7u4python-libvirt_0.9.12-11+deb7u4_s390.deb
Debian7mipslibvirt0-dbg< 0.9.12-11+deb7u4libvirt0-dbg_0.9.12-11+deb7u4_mips.deb
Debian7amd64libvirt0< 0.9.12-11+deb7u4libvirt0_0.9.12-11+deb7u4_amd64.deb
Debian7amd64libvirt-bin< 0.9.12-11+deb7u4libvirt-bin_0.9.12-11+deb7u4_amd64.deb
Debian7mipsellibvirt0-dbg< 0.9.12-11+deb7u4libvirt0-dbg_0.9.12-11+deb7u4_mipsel.deb
Debian7kfreebsd-i386libvirt0-dbg< 0.9.12-11+deb7u4libvirt0-dbg_0.9.12-11+deb7u4_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	i386	libvirt-bin	< 0.9.12-11+deb7u4	libvirt-bin_0.9.12-11+deb7u4_i386.deb
Debian	7	kfreebsd-i386	libvirt-dev	< 0.9.12-11+deb7u4	libvirt-dev_0.9.12-11+deb7u4_kfreebsd-i386.deb
Debian	7	armhf	libvirt0-dbg	< 0.9.12-11+deb7u4	libvirt0-dbg_0.9.12-11+deb7u4_armhf.deb
Debian	7	kfreebsd-amd64	libvirt0-dbg	< 0.9.12-11+deb7u4	libvirt0-dbg_0.9.12-11+deb7u4_kfreebsd-amd64.deb
Debian	7	s390	python-libvirt	< 0.9.12-11+deb7u4	python-libvirt_0.9.12-11+deb7u4_s390.deb
Debian	7	mips	libvirt0-dbg	< 0.9.12-11+deb7u4	libvirt0-dbg_0.9.12-11+deb7u4_mips.deb
Debian	7	amd64	libvirt0	< 0.9.12-11+deb7u4	libvirt0_0.9.12-11+deb7u4_amd64.deb
Debian	7	amd64	libvirt-bin	< 0.9.12-11+deb7u4	libvirt-bin_0.9.12-11+deb7u4_amd64.deb
Debian	7	mipsel	libvirt0-dbg	< 0.9.12-11+deb7u4	libvirt0-dbg_0.9.12-11+deb7u4_mipsel.deb
Debian	7	kfreebsd-i386	libvirt0-dbg	< 0.9.12-11+deb7u4	libvirt0-dbg_0.9.12-11+deb7u4_kfreebsd-i386.deb