Bug 968306 - (CVE-2013-2124) CVE-2013-2124 libguestfs: DoS (abort) due to a double free flaw when inspecting certain guest files / images
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20130528,repor...
Keywords: Security
Depends On: 968315 968337 968341
Reported: 2013-05-29 08:33 EDT by Jan Lieskovsky
Modified: 2015-07-31 03:06 EDT (History)
Doc Type: Bug Fix
Last Closed: 2015-07-29 09:18:22 EDT
Description Jan Lieskovsky 2013-05-29 08:33:52 EDT
A double-free flaw was found in the way Libguestfs, a library for accessing and modifying guest disk images, performed scans of certain guest files / images. A remote attacker could provide a specially-crafted guest file that, when inspected in an application linked against Libguestfs, would lead to that application aborting (denial of service).

References:
[1] https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
[2] https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html

Relevant upstream patch (including reproducer):
[3] https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd

CVE Request:
[4] http://www.openwall.com/lists/oss-security/2013/05/29/2
Comment 1 Jan Lieskovsky 2013-05-29 08:56:16 EDT
This issue did NOT affect the version of the libguestfs package, as shipped with Red Hat Enterprise Linux 6.

--

This issue did NOT affect the version of the libguestfs package, as shipped with Fedora release of 17.

This issue (previously) affected the version of the libguestfs package, as shipped with Fedora release of 18. Version libguestfs-1.20.7-1.fc18 has been released (into the -testing branch) already to correct this problem.

--

This issue affects the version of the libguestfs package, as shipped with Fedora EPEL-5. Please schedule an update.
Comment 2 Jan Lieskovsky 2013-05-29 08:57:10 EDT
Created libguestfs tracking bugs for this issue

Affects: epel-5 [bug 968315]
Comment 3 Jan Lieskovsky 2013-05-29 09:02:33 EDT
Statement:

Not vulnerable. This issue did not affect the version of libguestfs as shipped with Red Hat Enterprise Linux 6 as it did not include the upstream commit 5a3da366268825b26b470cde35658b67c1d11cd4 that introduced this issue.
Comment 4 Richard W.M. Jones 2013-05-29 09:04:47 EDT
Fedora 17 is not affected.

Fedora 18 is affected, fixed in this package:
https://admin.fedoraproject.org/updates/libguestfs-1.20.7-1.fc18

Fedora 19 is affected, fixed in this package:
https://admin.fedoraproject.org/updates/libguestfs-1.22.1-1.fc19

RHEL 6.4 is not affected.

RHEL 6.5 is going to be rebased (bug 958183) but we've not been
able to commit that yet because we're waiting for some acks.  Will
clone this bug to make sure the fix isn't forgotten.

RHEL 7 would be affected, but we are planning to rebase
to 1.22.x (x >= 1) soon anyway.  Will clone the bug for RHEL 7.
Comment 8 Vincent Danen 2013-05-29 17:20:22 EDT
This has been assigned CVE-2013-2124 as per:

http://www.openwall.com/lists/oss-security/2013/05/29/8
Comment 14 Richard W.M. Jones 2013-06-03 06:54:56 EDT
OK I think we're all done upstream.  The complete fix
requires the following commits:

https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd
https://github.com/libguestfs/libguestfs/commit/ae8bb84ecd46d7b6ef557a87725923ac8d09dce0
https://github.com/libguestfs/libguestfs/commit/1c9dfd079aa6d7893f72c5fd17656c847f72c8d6

It will be fixed upstream in >= 1.20.8, >= 1.22.2,
>= 1.23.2.
