[Pkg-libvirt-maintainers] Bug#633630: Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

Guido Günther agx at sigxcpu.org
Wed Jul 13 19:33:06 UTC 2011


On Wed, Jul 13, 2011 at 07:36:19AM +0200, Salvatore Bonaccorso wrote:
> Hi Guido
> 
> On Tue, Jul 12, 2011 at 11:24:26PM +0200, Guido Günther wrote:
> > On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> > > Source: libvirt
> > > Version: 0.9.2
> > > Severity: important
> > > Tags: security
> > > 
> > > Hi Guido
> > > 
> > > In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> > > libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> > > the patch applied by upstream. Can/should there be an update for
> > > stable (if affected?).
> > > 
> > >  [1] http://www.securityfocus.com/bid/48478/info
> > >  [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
> > >  [3] http://security-tracker.debian.org/CVE-2011-2511
> > 
> > Attached patch fixes the issue for stable. We should also fix #623222
> > while at that. O.k. to upload a version to stable-security?
> 
> Wow thanks for your fast work :-). Note, I have only reported the issue
> via BTS, but I'm not in security team. I'm Cc'ing this to the security
> team list.
Attached is the diff for the upload to stable-security. O.k. to upload?
This would address 

CVE-2011-1486: Make error reporting in libvirtd thread safe
CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus

for squeeze.
Cheers,
 -- Guido
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0.8.3-5+squeeze2.diff
Type: text/x-diff
Size: 45658 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20110713/d799b3db/attachment-0001.diff>

