[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- libvirt: crash in virTypedParameterArrayClear
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-07-31 18:04:42
Message-ID: 50181E3A.2050400 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/31/2012 08:59 AM, Petr Matousek wrote:
> It has been found that sending crafted RPC command with nparams set
> to 0 can lead to libvirtd accessing random memory, possibly leading
> to crash. A remote attacker could use this flaw to crash libvirtd
> (DoS).
>
> Upstream proposed fix:
> https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
>
> References:
> https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
>
>
https://bugzilla.redhat.com/show_bug.cgi?id=844734
>
> Thanks,
Please use CVE-2012-3445 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJQGB46AAoJEBYNRVNeJnmTdMIQAN5YS7Szy4JMB7uzxAjky6dv
yOHNu7VWuRr1G4rvKuJ9U06ipurJLI2M2+TMvgQQiDoWVEVdAn6pLRtEHwYuipG7
tqtwHEcLQt9Z7MQrQfzJlEMDw2v1Q43qIlKyi+BkHExEczxj+RsROYLFl0jMHAOW
DPzDFUiCtjnK5WscAhOHTd7eZ/AiwRsotso4CXswosDV3Er69p1xGOc0AawbJF2J
lT5CEEEd3KgEeKavWArEec2bi/nLH1hbQcNEaIhMXotsgLzUvc69X2+8Z1ZO9D50
k1bTjgxtXNEAw4Cc/Klj9rDzmtJ5irk3L/WFZKN43G2q2+aye/5xsqz7uYs+Rngg
0AA+Sz/w3kyX9COf9QJ8gJN0KsLWmBdYyje43to+owZlFVAR46Ws+QvFWSfJPOHD
02CrcD9WCCphNeJ12BFG+ffNAJGO7GqGRcW0RdmRCtBeR08TIUPskwBPL3eqb+Bt
PIgcIyOFapbzzA/M+Ncj3x6G2Cusi/rbbv+hb1Nnpkbt9dJ445C4pZrr6DBbzngU
OUb6Ip+6HfGf9xFfFEwlJQs0+oE591LTUlr5TDsyIqcZ4DWylIN8+R82MNRK1bqN
AJtpk5f/MgwrETxbt7JNe7p/Wew+A1mr6Vq2u8b7AKz8smrxTW0kH4w3yA73huIG
vPq7Rz6bJPZmuwNxdnH5
=cFpj
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic