Novell Home

CVE-2013-0170

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0170 at MITRE

Description

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 800976

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP2 DEBUGINFO
  • libvirt-debuginfo >= 0.9.6-0.25.1
  • libvirt-debugsource >= 0.9.6-0.25.1
 Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libvirt-devel >= 0.9.6-0.25.1
 Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libvirt-devel >= 0.9.6-0.25.1
  • libvirt-devel-32bit >= 0.9.6-0.25.1
 Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • libvirt >= 0.9.6-0.25.1
  • libvirt-client >= 0.9.6-0.25.1
  • libvirt-doc >= 0.9.6-0.25.1
  • libvirt-python >= 0.9.6-0.25.1
 Builds
SAT Patch Nr: 7310
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • libvirt >= 0.9.6-0.25.1
  • libvirt-client >= 0.9.6-0.25.1
  • libvirt-client-32bit >= 0.9.6-0.25.1
  • libvirt-doc >= 0.9.6-0.25.1
  • libvirt-python >= 0.9.6-0.25.1
 Builds
SAT Patch Nr: 7310

© 2013 Novell