Upstream information

CVE-2013-1962 at MITRE

Description

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 820397 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libvirt >= 1.2.5-13.3
  • libvirt-client >= 1.2.5-13.3
  • libvirt-client-32bit >= 1.2.5-13.3
  • libvirt-daemon >= 1.2.5-13.3
  • libvirt-daemon-config-network >= 1.2.5-13.3
  • libvirt-daemon-config-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-interface >= 1.2.5-13.3
  • libvirt-daemon-driver-libxl >= 1.2.5-13.3
  • libvirt-daemon-driver-lxc >= 1.2.5-13.3
  • libvirt-daemon-driver-network >= 1.2.5-13.3
  • libvirt-daemon-driver-nodedev >= 1.2.5-13.3
  • libvirt-daemon-driver-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-qemu >= 1.2.5-13.3
  • libvirt-daemon-driver-secret >= 1.2.5-13.3
  • libvirt-daemon-driver-storage >= 1.2.5-13.3
  • libvirt-daemon-lxc >= 1.2.5-13.3
  • libvirt-daemon-qemu >= 1.2.5-13.3
  • libvirt-daemon-xen >= 1.2.5-13.3
  • libvirt-doc >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libvirt
SUSE Linux Enterprise Desktop 12 SP1
  • libvirt >= 1.2.18.1-4.22
  • libvirt-client >= 1.2.18.1-4.22
  • libvirt-client-32bit >= 1.2.18.1-4.22
  • libvirt-daemon >= 1.2.18.1-4.22
  • libvirt-daemon-config-network >= 1.2.18.1-4.22
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-interface >= 1.2.18.1-4.22
  • libvirt-daemon-driver-libxl >= 1.2.18.1-4.22
  • libvirt-daemon-driver-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-driver-network >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-driver-secret >= 1.2.18.1-4.22
  • libvirt-daemon-driver-storage >= 1.2.18.1-4.22
  • libvirt-daemon-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-xen >= 1.2.18.1-4.22
  • libvirt-doc >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libvirt
SUSE Linux Enterprise Desktop 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-client-32bit >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-libxl >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-daemon-xen >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libvirt
SUSE Linux Enterprise Server 11 SP3
  • libvirt >= 1.0.5.1-0.7.10
  • libvirt-client >= 1.0.5.1-0.7.10
  • libvirt-client-32bit >= 1.0.5.1-0.7.10
  • libvirt-doc >= 1.0.5.1-0.7.10
  • libvirt-lock-sanlock >= 1.0.5.1-0.7.10
  • libvirt-python >= 1.0.5.1-0.7.10
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libvirt
SUSE Linux Enterprise Server 11 SP4
  • libvirt >= 1.2.5-3.76
  • libvirt-client >= 1.2.5-3.76
  • libvirt-client-32bit >= 1.2.5-3.76
  • libvirt-doc >= 1.2.5-3.76
  • libvirt-lock-sanlock >= 1.2.5-3.76
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libvirt
SUSE Linux Enterprise Server 12
  • libvirt >= 1.2.5-13.3
  • libvirt-client >= 1.2.5-13.3
  • libvirt-daemon >= 1.2.5-13.3
  • libvirt-daemon-config-network >= 1.2.5-13.3
  • libvirt-daemon-config-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-interface >= 1.2.5-13.3
  • libvirt-daemon-driver-libxl >= 1.2.5-13.3
  • libvirt-daemon-driver-lxc >= 1.2.5-13.3
  • libvirt-daemon-driver-network >= 1.2.5-13.3
  • libvirt-daemon-driver-nodedev >= 1.2.5-13.3
  • libvirt-daemon-driver-nwfilter >= 1.2.5-13.3
  • libvirt-daemon-driver-qemu >= 1.2.5-13.3
  • libvirt-daemon-driver-secret >= 1.2.5-13.3
  • libvirt-daemon-driver-storage >= 1.2.5-13.3
  • libvirt-daemon-lxc >= 1.2.5-13.3
  • libvirt-daemon-qemu >= 1.2.5-13.3
  • libvirt-daemon-xen >= 1.2.5-13.3
  • libvirt-doc >= 1.2.5-13.3
  • libvirt-lock-sanlock >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Server 12 GA libvirt
SUSE Linux Enterprise Server 12 SP1
  • libvirt >= 1.2.18.1-4.22
  • libvirt-client >= 1.2.18.1-4.22
  • libvirt-daemon >= 1.2.18.1-4.22
  • libvirt-daemon-config-network >= 1.2.18.1-4.22
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-interface >= 1.2.18.1-4.22
  • libvirt-daemon-driver-libxl >= 1.2.18.1-4.22
  • libvirt-daemon-driver-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-driver-network >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-4.22
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-4.22
  • libvirt-daemon-driver-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-driver-secret >= 1.2.18.1-4.22
  • libvirt-daemon-driver-storage >= 1.2.18.1-4.22
  • libvirt-daemon-lxc >= 1.2.18.1-4.22
  • libvirt-daemon-qemu >= 1.2.18.1-4.22
  • libvirt-daemon-xen >= 1.2.18.1-4.22
  • libvirt-doc >= 1.2.18.1-4.22
  • libvirt-lock-sanlock >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libvirt
SUSE Linux Enterprise Server 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-libxl >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-daemon-xen >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
  • libvirt-lock-sanlock >= 2.0.0-26.2
  • libvirt-nss >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libvirt
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libvirt >= 2.0.0-26.2
  • libvirt-client >= 2.0.0-26.2
  • libvirt-daemon >= 2.0.0-26.2
  • libvirt-daemon-config-network >= 2.0.0-26.2
  • libvirt-daemon-config-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-interface >= 2.0.0-26.2
  • libvirt-daemon-driver-lxc >= 2.0.0-26.2
  • libvirt-daemon-driver-network >= 2.0.0-26.2
  • libvirt-daemon-driver-nodedev >= 2.0.0-26.2
  • libvirt-daemon-driver-nwfilter >= 2.0.0-26.2
  • libvirt-daemon-driver-qemu >= 2.0.0-26.2
  • libvirt-daemon-driver-secret >= 2.0.0-26.2
  • libvirt-daemon-driver-storage >= 2.0.0-26.2
  • libvirt-daemon-lxc >= 2.0.0-26.2
  • libvirt-daemon-qemu >= 2.0.0-26.2
  • libvirt-doc >= 2.0.0-26.2
  • libvirt-lock-sanlock >= 2.0.0-26.2
  • libvirt-nss >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libvirt
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libvirt-devel >= 1.2.5-3.76
  • libvirt-devel-32bit >= 1.2.5-3.76
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12
  • libvirt-devel >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libvirt-devel >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libvirt-devel >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel
SUSE Linux Enterprise Workstation Extension 12
  • libvirt-client-32bit >= 1.2.5-13.3
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit
SUSE Linux Enterprise Workstation Extension 12 SP1
  • libvirt-client-32bit >= 1.2.18.1-4.22
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit
SUSE Linux Enterprise Workstation Extension 12 SP2
  • libvirt-client-32bit >= 2.0.0-26.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit
openSUSE 12.3
  • libvirt >= 1.0.2-1.6.1
  • libvirt-client >= 1.0.2-1.6.1
  • libvirt-client-32bit >= 1.0.2-1.6.1
  • libvirt-client-debuginfo >= 1.0.2-1.6.1
  • libvirt-client-debuginfo-32bit >= 1.0.2-1.6.1
  • libvirt-debuginfo >= 1.0.2-1.6.1
  • libvirt-debugsource >= 1.0.2-1.6.1
  • libvirt-devel >= 1.0.2-1.6.1
  • libvirt-devel-32bit >= 1.0.2-1.6.1
  • libvirt-doc >= 1.0.2-1.6.1
  • libvirt-lock-sanlock >= 1.0.2-1.6.1
  • libvirt-lock-sanlock-debuginfo >= 1.0.2-1.6.1
  • libvirt-python >= 1.0.2-1.6.1
  • libvirt-python-debuginfo >= 1.0.2-1.6.1
Patchnames:
openSUSE-2013-463
openSUSE 13.2
  • libvirt >= 1.2.9-1.3
  • libvirt-client >= 1.2.9-1.3
  • libvirt-daemon >= 1.2.9-1.3
  • libvirt-daemon-config-network >= 1.2.9-1.3
  • libvirt-daemon-config-nwfilter >= 1.2.9-1.3
  • libvirt-daemon-driver-interface >= 1.2.9-1.3
  • libvirt-daemon-driver-libxl >= 1.2.9-1.3
  • libvirt-daemon-driver-lxc >= 1.2.9-1.3
  • libvirt-daemon-driver-network >= 1.2.9-1.3
  • libvirt-daemon-driver-nodedev >= 1.2.9-1.3
  • libvirt-daemon-driver-nwfilter >= 1.2.9-1.3
  • libvirt-daemon-driver-qemu >= 1.2.9-1.3
  • libvirt-daemon-driver-secret >= 1.2.9-1.3
  • libvirt-daemon-driver-storage >= 1.2.9-1.3
  • libvirt-daemon-driver-uml >= 1.2.9-1.3
  • libvirt-daemon-driver-vbox >= 1.2.9-1.3
  • libvirt-daemon-driver-xen >= 1.2.9-1.3
  • libvirt-daemon-qemu >= 1.2.9-1.3
  • libvirt-daemon-xen >= 1.2.9-1.3
Patchnames:
openSUSE 13.2 GA libvirt
openSUSE Leap 42.1
  • libvirt >= 1.2.18.1-3.2
  • libvirt-client >= 1.2.18.1-3.2
  • libvirt-daemon >= 1.2.18.1-3.2
  • libvirt-daemon-config-network >= 1.2.18.1-3.2
  • libvirt-daemon-config-nwfilter >= 1.2.18.1-3.2
  • libvirt-daemon-driver-interface >= 1.2.18.1-3.2
  • libvirt-daemon-driver-libxl >= 1.2.18.1-3.2
  • libvirt-daemon-driver-lxc >= 1.2.18.1-3.2
  • libvirt-daemon-driver-network >= 1.2.18.1-3.2
  • libvirt-daemon-driver-nodedev >= 1.2.18.1-3.2
  • libvirt-daemon-driver-nwfilter >= 1.2.18.1-3.2
  • libvirt-daemon-driver-qemu >= 1.2.18.1-3.2
  • libvirt-daemon-driver-secret >= 1.2.18.1-3.2
  • libvirt-daemon-driver-storage >= 1.2.18.1-3.2
  • libvirt-daemon-driver-uml >= 1.2.18.1-3.2
  • libvirt-daemon-driver-vbox >= 1.2.18.1-3.2
  • libvirt-daemon-lxc >= 1.2.18.1-3.2
  • libvirt-daemon-qemu >= 1.2.18.1-3.2
  • libvirt-daemon-xen >= 1.2.18.1-3.2
Patchnames:
openSUSE Leap 42.1 GA libvirt
openSUSE Leap 42.2
  • libvirt >= 2.0.0-9.1
  • libvirt-client >= 2.0.0-9.1
  • libvirt-daemon >= 2.0.0-9.1
  • libvirt-daemon-config-network >= 2.0.0-9.1
  • libvirt-daemon-config-nwfilter >= 2.0.0-9.1
  • libvirt-daemon-driver-interface >= 2.0.0-9.1
  • libvirt-daemon-driver-libxl >= 2.0.0-9.1
  • libvirt-daemon-driver-lxc >= 2.0.0-9.1
  • libvirt-daemon-driver-network >= 2.0.0-9.1
  • libvirt-daemon-driver-nodedev >= 2.0.0-9.1
  • libvirt-daemon-driver-nwfilter >= 2.0.0-9.1
  • libvirt-daemon-driver-qemu >= 2.0.0-9.1
  • libvirt-daemon-driver-secret >= 2.0.0-9.1
  • libvirt-daemon-driver-storage >= 2.0.0-9.1
  • libvirt-daemon-driver-uml >= 2.0.0-9.1
  • libvirt-daemon-driver-vbox >= 2.0.0-9.1
  • libvirt-daemon-lxc >= 2.0.0-9.1
  • libvirt-daemon-qemu >= 2.0.0-9.1
  • libvirt-daemon-xen >= 2.0.0-9.1
Patchnames:
openSUSE Leap 42.2 GA libvirt
openSUSE Tumbleweed
  • libvirt >= 2.5.0-1.1
  • libvirt-admin >= 2.5.0-1.1
  • libvirt-client >= 2.5.0-1.1
  • libvirt-daemon >= 2.5.0-1.1
  • libvirt-daemon-config-network >= 2.5.0-1.1
  • libvirt-daemon-config-nwfilter >= 2.5.0-1.1
  • libvirt-daemon-driver-interface >= 2.5.0-1.1
  • libvirt-daemon-driver-libxl >= 2.5.0-1.1
  • libvirt-daemon-driver-lxc >= 2.5.0-1.1
  • libvirt-daemon-driver-network >= 2.5.0-1.1
  • libvirt-daemon-driver-nodedev >= 2.5.0-1.1
  • libvirt-daemon-driver-nwfilter >= 2.5.0-1.1
  • libvirt-daemon-driver-qemu >= 2.5.0-1.1
  • libvirt-daemon-driver-secret >= 2.5.0-1.1
  • libvirt-daemon-driver-storage >= 2.5.0-1.1
  • libvirt-daemon-driver-uml >= 2.5.0-1.1
  • libvirt-daemon-driver-vbox >= 2.5.0-1.1
  • libvirt-daemon-lxc >= 2.5.0-1.1
  • libvirt-daemon-qemu >= 2.5.0-1.1
  • libvirt-daemon-uml >= 2.5.0-1.1
  • libvirt-daemon-vbox >= 2.5.0-1.1
  • libvirt-daemon-xen >= 2.5.0-1.1
  • libvirt-devel >= 2.5.0-1.1
  • libvirt-devel-32bit >= 2.5.0-1.1
  • libvirt-doc >= 2.5.0-1.1
  • libvirt-libs >= 2.5.0-1.1
  • libvirt-lock-sanlock >= 2.5.0-1.1
  • libvirt-nss >= 2.5.0-1.1
Patchnames:
openSUSE Tumbleweed GA libvirt