[libvirt] CVE-2013-6457 Re: [PATCH] libxl: avoid crashing if calling `virsh numatune' on inactive domain
Eric Blake
eblake at redhat.com
Tue Dec 24 13:24:17 UTC 2013
On 12/23/2013 11:02 PM, Eric Blake wrote:
> On 12/20/2013 11:36 AM, Jim Fehlig wrote:
>> Dario Faggioli wrote:
>>> by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
>>> possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
>>> happens, without having initialized the nodemap, and hence crashing after some
>>> invalid free()-s:
>>>
>>
>> Yikes! ACK to the fix. I've pushed it.
>
> This has been assigned CVE-6457; we'll get it tagged in libvirt.git and
> make sure it is backported to relevant branches once I've got more time
> (may be in 2014).
Typo, I meant CVE-2013-6457
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20131224/e00f1e32/attachment-0001.sig>
More information about the libvir-list
mailing list