'[oss-security] CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial o
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2013-05-29 12:21:42
Message-ID: 174291314.10035067.1369830102814.JavaMail.root () redhat ! com
[Download RAW message or body]

Hello Kurt, Steve, vendors,

  LibguestFS upstream has issued the following patch:
  [1] https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd

to correct a double-free flaw in the virt-inspector / other virt-* tools,
which could lead to denial of service if some of the tools were used by
3rd party applications for inspection of untrusted guest files / images:

  [2] https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
  [3] https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html

Could you allocate a CVE identifier for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic