Upstream information

CVE-2013-0170 at MITRE

Description

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.33
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 800976 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • libvirt >= 0.9.6-0.25.1
  • libvirt-client >= 0.9.6-0.25.1
  • libvirt-client-32bit >= 0.9.6-0.25.1
  • libvirt-doc >= 0.9.6-0.25.1
  • libvirt-python >= 0.9.6-0.25.1
Patchnames:
sledsp2-libvirt
SUSE Linux Enterprise Desktop 12
  • libvirt >= 1.2.5-13.3
  • libvirt-client >= 1.2.5-13.3
  • libvirt-client-32bit >= 1.2.5-13.3
  • libvirt-daemon >= 1.2.5-13.3
  • libvirt-daemon-config-network >= 1.2.5-13.3
  • libvirt-daemon-config-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-interface >= 1.2.5-13.3
  • libvirt-daemon-driver-libxl >= 1.2.5-13.3
  • libvirt-daemon-driver-lxc >= 1.2.5-13.3
  • libvirt-daemon-driver-network >= 1.2.5-13.3
  • libvirt-daemon-driver-nodedev >= 1.2.5-13.3
  • libvirt-daemon-driver-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-qemu >= 1.2.5-13.3
  • libvirt-daemon-driver-secret >= 1.2.5-13.3
  • libvirt-daemon-driver-storage >= 1.2.5-13.3
  • libvirt-daemon-lxc >= 1.2.5-13.3
  • libvirt-daemon-qemu >= 1.2.5-13.3
  • libvirt-daemon-xen >= 1.2.5-13.3
  • libvirt-doc >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libvirt
SUSE Linux Enterprise Desktop 12 SP1
  • libvirt >= 1.2.18.1-4.22
  • libvirt-client >= 1.2.18.1-4.22
  • libvirt-client-32bit >= 1.2.18.1-4.22
  • libvirt-daemon >= 1.2.18.1-4.22
  • libvirt-daemon-config-network >= 1.2.18.1-4.22
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-interface >= 1.2.18.1-4.22
  • libvirt-daemon-driver-libxl >= 1.2.18.1-4.22
  • libvirt-daemon-driver-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-driver-network >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-driver-secret >= 1.2.18.1-4.22
  • libvirt-daemon-driver-storage >= 1.2.18.1-4.22
  • libvirt-daemon-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-xen >= 1.2.18.1-4.22
  • libvirt-doc >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libvirt
SUSE Linux Enterprise Desktop 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-client-32bit >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-libxl >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-daemon-xen >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libvirt
SUSE Linux Enterprise Server 11 SP2
  • libvirt >= 0.9.6-0.25.1
  • libvirt-client >= 0.9.6-0.25.1
  • libvirt-client-32bit >= 0.9.6-0.25.1
  • libvirt-doc >= 0.9.6-0.25.1
  • libvirt-python >= 0.9.6-0.25.1
Patchnames:
slessp2-libvirt
SUSE Linux Enterprise Server 12
  • libvirt >= 1.2.5-13.3
  • libvirt-client >= 1.2.5-13.3
  • libvirt-daemon >= 1.2.5-13.3
  • libvirt-daemon-config-network >= 1.2.5-13.3
  • libvirt-daemon-config-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-interface >= 1.2.5-13.3
  • libvirt-daemon-driver-libxl >= 1.2.5-13.3
  • libvirt-daemon-driver-lxc >= 1.2.5-13.3
  • libvirt-daemon-driver-network >= 1.2.5-13.3
  • libvirt-daemon-driver-nodedev >= 1.2.5-13.3
  • libvirt-daemon-driver-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-qemu >= 1.2.5-13.3
  • libvirt-daemon-driver-secret >= 1.2.5-13.3
  • libvirt-daemon-driver-storage >= 1.2.5-13.3
  • libvirt-daemon-lxc >= 1.2.5-13.3
  • libvirt-daemon-qemu >= 1.2.5-13.3
  • libvirt-daemon-xen >= 1.2.5-13.3
  • libvirt-doc >= 1.2.5-13.3
  • libvirt-lock-sanlock >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Server 12 GA libvirt
SUSE Linux Enterprise Server 12 SP1
  • libvirt >= 1.2.18.1-4.22
  • libvirt-client >= 1.2.18.1-4.22
  • libvirt-daemon >= 1.2.18.1-4.22
  • libvirt-daemon-config-network >= 1.2.18.1-4.22
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-interface >= 1.2.18.1-4.22
  • libvirt-daemon-driver-libxl >= 1.2.18.1-4.22
  • libvirt-daemon-driver-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-driver-network >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-driver-secret >= 1.2.18.1-4.22
  • libvirt-daemon-driver-storage >= 1.2.18.1-4.22
  • libvirt-daemon-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-xen >= 1.2.18.1-4.22
  • libvirt-doc >= 1.2.18.1-4.22
  • libvirt-lock-sanlock >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libvirt
SUSE Linux Enterprise Server 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-libxl >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-daemon-xen >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
  • libvirt-lock-sanlock >= 2.0.0-26.2
  • libvirt-nss >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libvirt
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libvirt-devel >= 0.9.6-0.25.1
  • libvirt-devel-32bit >= 0.9.6-0.25.1
Patchnames:
sdksp2-libvirt
SUSE Linux Enterprise Software Development Kit 12
  • libvirt-devel >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libvirt-devel >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libvirt-devel >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel
SUSE Linux Enterprise Workstation Extension 12
  • libvirt-client-32bit >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit
SUSE Linux Enterprise Workstation Extension 12 SP1
  • libvirt-client-32bit >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit
SUSE Linux Enterprise Workstation Extension 12 SP2
  • libvirt-client-32bit >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libvirt-devel >= 0.9.6-0.25.1
Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libvirt-devel >= 0.9.6-0.25.1
  • libvirt-devel-32bit >= 0.9.6-0.25.1
Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • libvirt >= 0.9.6-0.25.1
  • libvirt-client >= 0.9.6-0.25.1
  • libvirt-doc >= 0.9.6-0.25.1
  • libvirt-python >= 0.9.6-0.25.1
Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • libvirt >= 0.9.6-0.25.1
  • libvirt-client >= 0.9.6-0.25.1
  • libvirt-client-32bit >= 0.9.6-0.25.1
  • libvirt-doc >= 0.9.6-0.25.1
  • libvirt-python >= 0.9.6-0.25.1
Builds
SAT Patch Nr: 7310
openSUSE 13.2
  • libvirt >= 1.2.9-1.3
  • libvirt-client >= 1.2.9-1.3
  • libvirt-daemon >= 1.2.9-1.3
  • libvirt-daemon-config-network >= 1.2.9-1.3
  • libvirt-daemon-config-nwfilter >= 1.2.9-1.3
  • libvirt-daemon-driver-interface >= 1.2.9-1.3
  • libvirt-daemon-driver-libxl >= 1.2.9-1.3
  • libvirt-daemon-driver-lxc >= 1.2.9-1.3
  • libvirt-daemon-driver-network >= 1.2.9-1.3
  • libvirt-daemon-driver-nodedev >= 1.2.9-1.3
  • libvirt-daemon-driver-nwfilter >= 1.2.9-1.3
  • libvirt-daemon-driver-qemu >= 1.2.9-1.3
  • libvirt-daemon-driver-secret >= 1.2.9-1.3
  • libvirt-daemon-driver-storage >= 1.2.9-1.3
  • libvirt-daemon-driver-uml >= 1.2.9-1.3
  • libvirt-daemon-driver-vbox >= 1.2.9-1.3
  • libvirt-daemon-driver-xen >= 1.2.9-1.3
  • libvirt-daemon-qemu >= 1.2.9-1.3
  • libvirt-daemon-xen >= 1.2.9-1.3
Patchnames:
openSUSE 13.2 GA libvirt
openSUSE Leap 42.1
  • libvirt >= 1.2.18.1-3.2
  • libvirt-client >= 1.2.18.1-3.2
  • libvirt-daemon >= 1.2.18.1-3.2
  • libvirt-daemon-config-network >= 1.2.18.1-3.2
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-3.2
  • libvirt-daemon-driver-interface >= 1.2.18.1-3.2
  • libvirt-daemon-driver-libxl >= 1.2.18.1-3.2
  • libvirt-daemon-driver-lxc >= 1.2.18.1-3.2
  • libvirt-daemon-driver-network >= 1.2.18.1-3.2
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-3.2
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-3.2
  • libvirt-daemon-driver-qemu >= 1.2.18.1-3.2
  • libvirt-daemon-driver-secret >= 1.2.18.1-3.2
  • libvirt-daemon-driver-storage >= 1.2.18.1-3.2
  • libvirt-daemon-driver-uml >= 1.2.18.1-3.2
  • libvirt-daemon-driver-vbox >= 1.2.18.1-3.2
  • libvirt-daemon-lxc >= 1.2.18.1-3.2
  • libvirt-daemon-qemu >= 1.2.18.1-3.2
  • libvirt-daemon-xen >= 1.2.18.1-3.2
Patchnames:
openSUSE Leap 42.1 GA libvirt
openSUSE Leap 42.2
  • libvirt >= 2.0.0-9.1
  • libvirt-client >= 2.0.0-9.1
  • libvirt-daemon >= 2.0.0-9.1
  • libvirt-daemon-config-network >= 2.0.0-9.1
  • libvirt-daemon-config-nwfilter >= 2.0.0-9.1
  • libvirt-daemon-driver-interface >= 2.0.0-9.1
  • libvirt-daemon-driver-libxl >= 2.0.0-9.1
  • libvirt-daemon-driver-lxc >= 2.0.0-9.1
  • libvirt-daemon-driver-network >= 2.0.0-9.1
  • libvirt-daemon-driver-nodedev >= 2.0.0-9.1
  • libvirt-daemon-driver-nwfilter >= 2.0.0-9.1
  • libvirt-daemon-driver-qemu >= 2.0.0-9.1
  • libvirt-daemon-driver-secret >= 2.0.0-9.1
  • libvirt-daemon-driver-storage >= 2.0.0-9.1
  • libvirt-daemon-driver-uml >= 2.0.0-9.1
  • libvirt-daemon-driver-vbox >= 2.0.0-9.1
  • libvirt-daemon-lxc >= 2.0.0-9.1
  • libvirt-daemon-qemu >= 2.0.0-9.1
  • libvirt-daemon-xen >= 2.0.0-9.1
Patchnames:
openSUSE Leap 42.2 GA libvirt
openSUSE Tumbleweed
  • libvirt >= 2.5.0-1.1
  • libvirt-admin >= 2.5.0-1.1
  • libvirt-client >= 2.5.0-1.1
  • libvirt-daemon >= 2.5.0-1.1
  • libvirt-daemon-config-network >= 2.5.0-1.1
  • libvirt-daemon-config-nwfilter >= 2.5.0-1.1
  • libvirt-daemon-driver-interface >= 2.5.0-1.1
  • libvirt-daemon-driver-libxl >= 2.5.0-1.1
  • libvirt-daemon-driver-lxc >= 2.5.0-1.1
  • libvirt-daemon-driver-network >= 2.5.0-1.1
  • libvirt-daemon-driver-nodedev >= 2.5.0-1.1
  • libvirt-daemon-driver-nwfilter >= 2.5.0-1.1
  • libvirt-daemon-driver-qemu >= 2.5.0-1.1
  • libvirt-daemon-driver-secret >= 2.5.0-1.1
  • libvirt-daemon-driver-storage >= 2.5.0-1.1
  • libvirt-daemon-driver-uml >= 2.5.0-1.1
  • libvirt-daemon-driver-vbox >= 2.5.0-1.1
  • libvirt-daemon-lxc >= 2.5.0-1.1
  • libvirt-daemon-qemu >= 2.5.0-1.1
  • libvirt-daemon-uml >= 2.5.0-1.1
  • libvirt-daemon-vbox >= 2.5.0-1.1
  • libvirt-daemon-xen >= 2.5.0-1.1
  • libvirt-devel >= 2.5.0-1.1
  • libvirt-devel-32bit >= 2.5.0-1.1
  • libvirt-doc >= 2.5.0-1.1
  • libvirt-libs >= 2.5.0-1.1
  • libvirt-lock-sanlock >= 2.5.0-1.1
  • libvirt-nss >= 2.5.0-1.1
Patchnames:
openSUSE Tumbleweed GA libvirt