[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] CVE-2013-6457 Re: [PATCH] libxl: avoid crashing if calling `virsh numatune' on inactive domain



On 12/23/2013 11:02 PM, Eric Blake wrote:
> On 12/20/2013 11:36 AM, Jim Fehlig wrote:
>> Dario Faggioli wrote:
>>> by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
>>> possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
>>> happens, without having initialized the nodemap, and hence crashing after some
>>> invalid free()-s:
>>>   
>>
>> Yikes!  ACK to the fix.  I've pushed it.
> 
> This has been assigned CVE-6457; we'll get it tagged in libvirt.git and
> make sure it is backported to relevant branches once I've got more time
> (may be in 2014).

Typo, I meant CVE-2013-6457

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]