Bug 858817 - (CVE-2014-1447) VUL-0: CVE-2014-1447: libvirt: denial of service with keepalive
(CVE-2014-1447)
VUL-0: CVE-2014-1447: libvirt: denial of service with keepalive
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp3:56202
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-15 07:11 UTC by Sebastian Krahmer
Modified: 2015-02-19 01:46 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2014-01-15 07:11:27 UTC
Via OSS-sec:

------8<-------------

On Thu, Jan 09, 2014 at 02:58:06PM -0700, Eric Blake wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1047577 is a publicly
> reported bug that details a libvirtd crash caused by a race when
> keepalive is requested but the connection is closed prior to
> establishing connection credentials.  Since this crash occurs before
> libvirtd can distinguish between read-only vs. read-write clients, it
> can be used as a denial of service attack by read-only clients, and
> therefore needs a CVE.

Upstream patches:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c291
http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef


----------8<----------

CVE-2014-1447

mitre also assigned CVE-2014-1448, but upstream refused to
accept a second assignment for basically the same bug.
Comment 1 Swamp Workflow Management 2014-01-15 23:00:18 UTC
bugbot adjusting priority
Comment 2 James Fehlig 2014-01-22 23:40:40 UTC
This issue affects libvirt versions 0.9.8 through 1.2.0 inclusive, meaning openSUSE12.3, 13.1, Factory, SLE11 SP3, and SLE12.  For Factory and SLE12, the issue is fixed by updating to libvirt 1.2.1.  For openSUSE13.1, I've backported the fix and have it queued for a future maintenance update in

https://build.opensuse.org/package/show/Virtualization:openSUSE13.1/libvirt

Still working on the backports for 12.3 and SLE11 SP3...
Comment 3 James Fehlig 2014-01-24 23:14:13 UTC
Ok, I have the backports queued for 12.3 and SLE11 SP3.  All affected packages are ready to submit when the security-team is ready.
Comment 7 Swamp Workflow Management 2014-01-28 08:26:55 UTC
The SWAMPID for this issue is 56039.
This issue was rated as moderate.
Please submit fixed packages until 2014-02-11.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 12 Marcus Meissner 2014-02-19 16:58:14 UTC
no virnetServer in SLE11 SP1 or older, so these are not affected.
Comment 13 Swamp Workflow Management 2014-02-21 17:05:27 UTC
openSUSE-SU-2014:0268-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 817407,857271,857492,858817,858824,859041,859051
CVE References: CVE-2013-6457,CVE-2013-6458,CVE-2014-0028,CVE-2014-1447
Sources used:
openSUSE 13.1 (src):    libvirt-1.1.2-2.18.3
Comment 14 Swamp Workflow Management 2014-02-21 17:06:33 UTC
openSUSE-SU-2014:0270-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 857492,858817
CVE References: CVE-2013-6458,CVE-2014-1447
Sources used:
openSUSE 12.3 (src):    libvirt-1.0.2-1.14.1
Comment 15 Swamp Workflow Management 2014-03-03 09:52:38 UTC
Update released for: libvirt, libvirt-client, libvirt-client-32bit, libvirt-client-64bit, libvirt-client-x86, libvirt-debuginfo, libvirt-debugsource, libvirt-devel, libvirt-devel-32bit, libvirt-devel-64bit, libvirt-doc, libvirt-lock-sanlock, libvirt-python
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
Comment 16 Swamp Workflow Management 2014-03-03 13:04:45 UTC
SUSE-SU-2014:0318-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 817407,857492,858817
CVE References: CVE-2013-6458,CVE-2014-1447
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    libvirt-1.0.5.9-0.7.1
SUSE Linux Enterprise Server 11 SP3 (src):    libvirt-1.0.5.9-0.7.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    libvirt-1.0.5.9-0.7.1