Bug 858824 - (CVE-2013-6457) VUL-1: CVE-2013-6457: libvirt: avoid crashing if calling 'virsh numatune' on an inactive domain (libxl)
(CVE-2013-6457)
VUL-1: CVE-2013-6457: libvirt: avoid crashing if calling 'virsh numatune' on ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:56039:moderate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-15 08:58 UTC by Sebastian Krahmer
Modified: 2014-09-01 10:04 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2014-01-15 23:00:33 UTC
bugbot adjusting priority
Comment 2 James Fehlig 2014-01-22 23:36:01 UTC
This issue only affects libvirt versions 1.1.1 through 1.2.0 inclusive, meaning
openSUSE13.1, Factory, and SLE12.  For Factory and SLE12, the issue is fixed by
updating to libvirt 1.2.1.  For openSUSE13.1, I've backported the fix and
have it queued for a future maintenance update in

https://build.opensuse.org/package/show/Virtualization:openSUSE13.1/libvirt

Reassinging to the security-team...
Comment 3 Swamp Workflow Management 2014-01-28 08:26:37 UTC
The SWAMPID for this issue is 56039.
This issue was rated as moderate.
Please submit fixed packages until 2014-02-11.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 5 Swamp Workflow Management 2014-02-21 17:05:37 UTC
openSUSE-SU-2014:0268-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 817407,857271,857492,858817,858824,859041,859051
CVE References: CVE-2013-6457,CVE-2013-6458,CVE-2014-0028,CVE-2014-1447
Sources used:
openSUSE 13.1 (src):    libvirt-1.1.2-2.18.3
Comment 6 Marcus Meissner 2014-09-01 10:04:30 UTC
released