Libvirt Security Notice: LSN-2014-0001
======================================
Summary: libvirtd crashes if client closes connection early
Reported on: 20140109
Published on: 20131231
Fixed on: 20140113
Reported by: Jiri Denemar <jdenemar(a)redhat.com>
Patched by: Jiri Denemar <jdenemar(a)redhat.com>
See also: CVE-2014-1447
Description
-----------
When a client closes its connection to libvirtd early during
virConnectOpen, specifically just after making the
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check whether
VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported and without waiting
for the result, libvirtd may crash due to a race in keep-alive
initialization.
Impact
------
A malicious unprivileged client can cause the libvirtd daemon to
crash, leading to a denial of service.
Workaround
----------
Disable the keepalive feature in the libvirtd.conf configuration file.
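A host triage sketch for this notice, added here as an example and not part of the notice or of libvirt: it classifies a libvirt version against the "Broken in" / "Fixed in" data listed under "Affected product" and reads keepalive_interval from libvirtd.conf text. Assumptions: the workaround corresponds to keepalive_interval = -1, the shipped default is 5, and all function names are hypothetical.

```python
import re

# Values taken from the notice: master-branch range, and the last point
# release listed as "Broken in" on each maintenance branch that has any.
FIRST_BROKEN, FIXED_IN = (0, 9, 8), (1, 2, 1)
LAST_BROKEN_MAINT = {(0, 9, 11): 10, (0, 9, 12): 2, (1, 0, 5): 8, (1, 1, 3): 2}

def parse_version(text):
    """Turn 'v1.0.5.8' or '1.2.0' into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){2,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised libvirt version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def version_status(text):
    """Classify a release as 'affected', 'not-affected' or 'check-backport'."""
    v = parse_version(text)
    base = v[:3]
    if base < FIRST_BROKEN or base >= FIXED_IN:
        return "not-affected"
    if len(v) == 3:
        return "affected"
    # Maintenance point release: affected if the notice lists it, otherwise
    # the branch's "Fixed by" commit has to be looked for in the build itself.
    if v[3] <= LAST_BROKEN_MAINT.get(base, 0):
        return "affected"
    return "check-backport"

def keepalive_interval(conf_text, default=5):
    """Effective keepalive_interval from libvirtd.conf text; comments ignored."""
    value = default  # assumption: shipped default of 5 seconds
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"keepalive_interval\s*=\s*(-?\d+)", line)
        if m:
            value = int(m.group(1))
    return value

def triage(version, conf_text):
    """Combine the version check and the workaround check into one verdict."""
    status = version_status(version)
    if status != "not-affected" and keepalive_interval(conf_text) == -1:
        return status + "+workaround"
    return status

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
#keepalive_interval = 5
keepalive_interval = -1   # workaround from LSN-2014-0001
"""
```

Distribution packages often carry the "Fixed by" commit without changing the upstream version number, so an "affected" verdict from the version string alone should be confirmed against the package changelog.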
Affected product
----------------
Name: libvirt
Repository:
git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v0.10.0
Broken in: v0.10.1
Broken in: v0.10.2
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Fixed in: v1.2.1
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
Branch: v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Broken in: v0.9.11.6
Broken in: v0.9.11.7
Broken in: v0.9.11.8
Broken in: v0.9.11.9
Broken in: v0.9.11.10
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Branch: v0.9.12-maint
Broken in: v0.9.12.1
Broken in: v0.9.12.2
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: c385db5994842466ad3afd3ec4414dc67e41f8d3
Branch: v1.0.2-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 7fad864afa2f7137f5ebfa7874c70d2a2ca5c6b1
Branch: v1.0.3-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: b24979a12fcb8fc82b3a52159d578e7eba2ca466
Branch: v1.0.4-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 9b1e050856310ea688ba55668ffa6df31bd0d721
Branch: v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 99f8d97aa7498ae06bfbefc0d4d71351d0831016
Branch: v1.0.6-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 5055fe4b2db9927f02e3ec7e86f343fcc9e87879
Branch: v1.1.0-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: c86813d5527c4e559dded3a7565dc420ac25c30e
Branch: v1.1.1-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 08672cff7b2fe789bea4ebb1fed883c93b98ea0d
Branch: v1.1.2-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 2842b103b1cd5d0872050a164b758967eb2e4be4
Branch: v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: 8342adeffb260c564edd4d7279fcb8c3499a997f
Branch: v1.1.4-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: eb365315ac7784817769704729a69d4a82a71b50
Branch: v1.2.0-maint
Broken by: f4324e32927580e3620f0de3a0ec80334936e263
Fixed by: a19f700b642115963ce6007cf22945870c9e8616