Upstream information

CVE-2013-7336 at MITRE

Description

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.

SUSE information

SUSE Bugzilla entry: 868943 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • libvirt >= 1.1.2-2.26.1
  • libvirt-client >= 1.1.2-2.26.1
  • libvirt-client-32bit >= 1.1.2-2.26.1
  • libvirt-client-debuginfo >= 1.1.2-2.26.1
  • libvirt-client-debuginfo-32bit >= 1.1.2-2.26.1
  • libvirt-daemon >= 1.1.2-2.26.1
  • libvirt-daemon-config-network >= 1.1.2-2.26.1
  • libvirt-daemon-config-nwfilter >= 1.1.2-2.26.1
  • libvirt-daemon-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-interface >= 1.1.2-2.26.1
  • libvirt-daemon-driver-interface-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-libxl >= 1.1.2-2.26.1
  • libvirt-daemon-driver-libxl-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-lxc >= 1.1.2-2.26.1
  • libvirt-daemon-driver-lxc-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-network >= 1.1.2-2.26.1
  • libvirt-daemon-driver-network-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-nodedev >= 1.1.2-2.26.1
  • libvirt-daemon-driver-nodedev-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-nwfilter >= 1.1.2-2.26.1
  • libvirt-daemon-driver-nwfilter-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-qemu >= 1.1.2-2.26.1
  • libvirt-daemon-driver-qemu-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-secret >= 1.1.2-2.26.1
  • libvirt-daemon-driver-secret-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-storage >= 1.1.2-2.26.1
  • libvirt-daemon-driver-storage-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-uml >= 1.1.2-2.26.1
  • libvirt-daemon-driver-uml-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-vbox >= 1.1.2-2.26.1
  • libvirt-daemon-driver-vbox-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-driver-xen >= 1.1.2-2.26.1
  • libvirt-daemon-driver-xen-debuginfo >= 1.1.2-2.26.1
  • libvirt-daemon-lxc >= 1.1.2-2.26.1
  • libvirt-daemon-qemu >= 1.1.2-2.26.1
  • libvirt-daemon-uml >= 1.1.2-2.26.1
  • libvirt-daemon-vbox >= 1.1.2-2.26.1
  • libvirt-daemon-xen >= 1.1.2-2.26.1
  • libvirt-debugsource >= 1.1.2-2.26.1
  • libvirt-devel >= 1.1.2-2.26.1
  • libvirt-devel-32bit >= 1.1.2-2.26.1
  • libvirt-doc >= 1.1.2-2.26.1
  • libvirt-lock-sanlock >= 1.1.2-2.26.1
  • libvirt-lock-sanlock-debuginfo >= 1.1.2-2.26.1
  • libvirt-login-shell >= 1.1.2-2.26.1
  • libvirt-login-shell-debuginfo >= 1.1.2-2.26.1
  • libvirt-python >= 1.1.2-2.26.1
  • libvirt-python-debuginfo >= 1.1.2-2.26.1
Patchnames:
openSUSE-2014-328