Bug 858824 – VUL-1: CVE-2013-6457: libvirt: avoid crashing if calling 'virsh numatune' on an inactive domain (libxl)

Bug 858824 - (CVE-2013-6457) VUL-1: CVE-2013-6457: libvirt: avoid crashing if calling 'virsh numatune' on an inactive domain (libxl)

(CVE-2013-6457)
Summary:	VUL-1: CVE-2013-6457: libvirt: avoid crashing if calling 'virsh numatune' on ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:56039:moderate
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-01-15 08:58 UTC by Sebastian Krahmer
Modified:	2014-09-01 10:04 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2014-01-15 08:58:26 UTC

CVE-2013-6457



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6457
https://bugzilla.redhat.com/show_bug.cgi?id=1048629

Comment 1 Swamp Workflow Management 2014-01-15 23:00:33 UTC

bugbot adjusting priority

Comment 2 James Fehlig 2014-01-22 23:36:01 UTC

This issue only affects libvirt versions 1.1.1 through 1.2.0 inclusive, meaning
openSUSE13.1, Factory, and SLE12.  For Factory and SLE12, the issue is fixed by
updating to libvirt 1.2.1.  For openSUSE13.1, I've backported the fix and
have it queued for a future maintenance update in

https://build.opensuse.org/package/show/Virtualization:openSUSE13.1/libvirt

Reassinging to the security-team...

Comment 3 Swamp Workflow Management 2014-01-28 08:26:37 UTC

The SWAMPID for this issue is 56039.
This issue was rated as moderate.
Please submit fixed packages until 2014-02-11.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 5 Swamp Workflow Management 2014-02-21 17:05:37 UTC

openSUSE-SU-2014:0268-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 817407,857271,857492,858817,858824,859041,859051
CVE References: CVE-2013-6457,CVE-2013-6458,CVE-2014-0028,CVE-2014-1447
Sources used:
openSUSE 13.1 (src):    libvirt-1.1.2-2.18.3

Comment 6 Marcus Meissner 2014-09-01 10:04:30 UTC

released