12 Aug
2013
12 Aug
'13
10:25 p.m.
On 08/05/2013 10:39 AM, Jim Fehlig wrote:
Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains by starting to populate the names array at index -1, causing all sorts of havoc in libvirtd such as aborts like the following
*** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 ***
This has been assigned CVE-2013-4239 (a read-only client can crash or otherwise interfere with read-write clients). v1.1.1 is the only impacted release, and only if you compiled with xen support; and v1.1.1-maint already includes the backport of this patch. Thanks again for a quick fix. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org