Libvirt Security Notice: LSN-2014-0009 ====================================== Summary: crash when using virStorageVolUpload Reported on: 20141202 Published on: 20141203 Fixed on: 20141203 Reported by: Pei Zhang <pzhang(a)redhat.com&gt; Patched by: Luyao Huang <lhuang(a)redhat.com&gt; See also: CVE-2014-8135 Description ----------- Incorrect parameter validation of the virStorageVolUpload command could cause libvirtd to attempt to dereference NULL. Impact ------ When using fine-grained ACLs, a user that is permitted to modify storage volumes but not create arbitrary domains can use bogus parameters to cause a denial of service attack against more privileged users. Workaround ---------- Passing valid parameters to virStorageVolUpload will not trigger a problem. It is also possible to prevent the denial of service by stopping the use of the fine grained access control mechanism, or by not granting users the storage_vol:data_write permission if they do not also have the domain:write permission; doing this will not prevent the crash for invalid parameters, but such a crash is no longer a security attack. Affected product ---------------- Name: libvirt Repository: git://libvirt.org/git/libvirt.git http://libvirt.org/git/?p=libvirt.git Branch: master Broken in: v1.2.8 Broken in: v1.2.9 Broken in: v1.2.10 Fixed in: v1.2.11 Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 Fixed by: 87b9437f8951f9d24f9a85c6bbfff0e54df8c984 Branch: v1.2.8-maint Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 Fixed by: 05ba8c50b15f7078ba7981f550fc59c3dc74c469 Branch: v1.2.9-maint Broken in: v1.2.9.1 Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 Fixed by: 584e876ba2057b472074dbf177d2397392d70363 Branch: v1.2.10-maint Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 Fixed by: c89df3695b397d155ca15ac174c983ae9a77387e -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org