[libvirt] [PATCH] xen: fix memory corruption in legacy driver

Eric Blake eblake at redhat.com
Mon Aug 12 20:25:35 UTC 2013


On 08/05/2013 10:39 AM, Jim Fehlig wrote:
> Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains
> by starting to populate the names array at index -1, causing all sorts
> of havoc in libvirtd such as aborts like the following
> 
> *** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 ***

This has been assigned CVE-2013-4239 (a read-only client can crash or
otherwise interfere with read-write clients).  v1.1.1 is the only
impacted release, and only if you compiled with xen support; and
v1.1.1-maint already includes the backport of this patch.  Thanks again
for a quick fix.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130812/54060dc2/attachment-0001.sig>


More information about the libvir-list mailing list