Upstream information

CVE-2013-2124 at MITRE

Description

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 828006 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Development Tools 15
  • ocaml-libguestfs-devel >= 1.38.0-3.52
Patchnames:
SUSE Linux Enterprise Module for Development Tools 15 GA ocaml-libguestfs-devel
SUSE Linux Enterprise Module for Server Applications 15
  • guestfs-data >= 1.38.0-3.52
  • guestfs-tools >= 1.38.0-3.52
  • guestfs-winsupport >= 1.38.0-3.52
  • guestfsd >= 1.38.0-3.52
  • libguestfs-devel >= 1.38.0-3.52
  • libguestfs0 >= 1.38.0-3.52
  • perl-Sys-Guestfs >= 1.38.0-3.52
  • python3-libguestfs >= 1.38.0-3.52
  • virt-v2v >= 1.38.0-3.52
Patchnames:
SUSE Linux Enterprise Module for Server Applications 15 GA guestfs-data
SUSE Linux Enterprise Server 11 SP3
  • guestfs-data >= 1.20.4-0.14.9
  • guestfs-tools >= 1.20.4-0.14.9
  • guestfsd >= 1.20.4-0.14.9
  • libguestfs0 >= 1.20.4-0.14.9
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA guestfs-data
SUSE Linux Enterprise Server 11 SP4
  • guestfs-data >= 1.20.12-0.18.70
  • guestfs-tools >= 1.20.12-0.18.70
  • guestfsd >= 1.20.12-0.18.70
  • libguestfs0 >= 1.20.12-0.18.70
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA guestfs-data
SUSE Linux Enterprise Server 12
  • guestfs-data >= 1.26.9-1.23
  • guestfs-tools >= 1.26.9-1.23
  • guestfsd >= 1.26.9-1.23
  • libguestfs0 >= 1.26.9-1.23
  • perl-Sys-Guestfs >= 1.26.9-1.23
Patchnames:
SUSE Linux Enterprise Server 12 GA guestfs-data
SUSE Linux Enterprise Server 12 SP1
  • guestfs-data >= 1.26.10-4.27
  • guestfs-tools >= 1.26.10-4.27
  • guestfsd >= 1.26.10-4.27
  • libguestfs0 >= 1.26.10-4.27
  • perl-Sys-Guestfs >= 1.26.10-4.27
  • python-libguestfs >= 1.26.10-4.27
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA guestfs-data
SUSE Linux Enterprise Server 12 SP2
  • guestfs-data >= 1.32.4-14.18
  • guestfs-tools >= 1.32.4-14.18
  • guestfsd >= 1.32.4-14.18
  • libguestfs0 >= 1.32.4-14.18
  • perl-Sys-Guestfs >= 1.32.4-14.18
  • python-libguestfs >= 1.32.4-14.18
  • virt-p2v >= 1.32.4-14.18
  • virt-v2v >= 1.32.4-14.18
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA guestfs-data
SUSE Linux Enterprise Server 12 SP3
  • guestfs-data >= 1.32.4-19.24
  • guestfs-tools >= 1.32.4-19.24
  • guestfsd >= 1.32.4-19.24
  • libguestfs0 >= 1.32.4-19.24
  • perl-Sys-Guestfs >= 1.32.4-19.24
  • python-libguestfs >= 1.32.4-19.24
  • virt-p2v >= 1.32.4-19.24
  • virt-v2v >= 1.32.4-19.24
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA guestfs-data
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • guestfs-data >= 1.32.4-14.18
  • guestfs-tools >= 1.32.4-14.18
  • guestfsd >= 1.32.4-14.18
  • libguestfs0 >= 1.32.4-14.18
  • perl-Sys-Guestfs >= 1.32.4-14.18
  • python-libguestfs >= 1.32.4-14.18
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA guestfs-data
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libguestfs-devel >= 1.20.12-0.18.70
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libguestfs-devel
SUSE Linux Enterprise Software Development Kit 12
  • libguestfs-devel >= 1.26.9-1.23
  • ocaml-libguestfs-devel >= 1.26.9-1.23
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libguestfs-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libguestfs-devel >= 1.26.10-4.27
  • ocaml-libguestfs-devel >= 1.26.10-4.27
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libguestfs-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libguestfs-devel >= 1.32.4-14.18
  • ocaml-libguestfs-devel >= 1.32.4-14.18
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libguestfs-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libguestfs-devel >= 1.32.4-19.24
  • ocaml-libguestfs-devel >= 1.32.4-19.24
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libguestfs-devel
openSUSE Leap 15.0
  • guestfs-data >= 1.38.0-lp150.2.4
  • libguestfs0 >= 1.38.0-lp150.2.4
  • virt-v2v >= 1.38.0-lp150.2.4
Patchnames:
openSUSE Leap 15.0 GA guestfs-data
openSUSE Tumbleweed
  • guestfs-data >= 1.32.4-11.1
  • guestfs-tools >= 1.32.4-11.1
  • guestfsd >= 1.32.4-11.1
  • libguestfs-devel >= 1.32.4-11.1
  • libguestfs-test >= 1.32.4-11.1
  • libguestfs0 >= 1.32.4-11.1
  • lua-libguestfs >= 1.32.4-11.1
  • ocaml-libguestfs >= 1.32.4-11.1
  • ocaml-libguestfs-devel >= 1.32.4-11.1
  • perl-Sys-Guestfs >= 1.32.4-11.1
  • python-libguestfs >= 1.32.4-11.1
  • rubygem-libguestfs >= 1.32.4-11.1
  • virt-p2v >= 1.32.4-11.1
Patchnames:
openSUSE Tumbleweed GA guestfs-data