Debian Bug report logs - #623222
CVE-2011-1486: Error handling not thread-safe

version graph

Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 18 Apr 2011 13:48:01 UTC

Severity: important

Tags: security

Fixed in version libvirt/0.8.3-5+squeeze2

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#623222; Package libvirt. (Mon, 18 Apr 2011 13:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Mon, 18 Apr 2011 13:48:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-1486: Error handling not thread-safe
Date: Mon, 18 Apr 2011 15:45:06 +0200
Package: libvirt
Severity: important
Tags: security

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=693391
and https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html

This doesn't seem grave enough to warrant a DSA, it could either
be fixed through s-p-u or coupled with a possible future DSA
for libvirt.

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs37-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#623222; Package libvirt. (Sun, 24 Apr 2011 08:15:38 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Sun, 24 Apr 2011 08:15:39 GMT) Full text and rfc822 format available.

Message #10 received at 623222@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 623222@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#623222: CVE-2011-1486: Error handling not thread-safe
Date: Sun, 24 Apr 2011 10:13:12 +0200
notfound 623222 libvirt/0.9.0-1
thanks

Hi Moritz,

On Mon, Apr 18, 2011 at 03:45:06PM +0200, Moritz Muehlenhoff wrote:
> Package: libvirt
> Severity: important
> Tags: security
> 
> Hi,
> please see https://bugzilla.redhat.com/show_bug.cgi?id=693391
> and https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html
> 
> This doesn't seem grave enough to warrant a DSA, it could either
> be fixed through s-p-u or coupled with a possible future DSA
> for libvirt.

Just for the record: upstream's fix is in 0.9.0 already. BTW Does tagging
the bugs as found/notfound update the affected versions at

https://bugzilla.redhat.com/show_bug.cgi?id=693391

automatically?
Cheers,
 -- Guido

> 
> Cheers,
>         Moritz
> 
> -- System Information:
> Debian Release: 5.0.1
> Architecture: amd64 (x86_64)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.32-ucs37-amd64
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> 
> 
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-libvirt-maintainers
> 




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#623222; Package libvirt. (Wed, 27 Apr 2011 19:54:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 27 Apr 2011 19:54:05 GMT) Full text and rfc822 format available.

Message #15 received at 623222@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Guido Günther <agx@sigxcpu.org>
Cc: 623222@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#623222: CVE-2011-1486: Error handling not thread-safe
Date: Wed, 27 Apr 2011 21:51:55 +0200
Hi Guido,

> Just for the record: upstream's fix is in 0.9.0 already. 

Ok, I've updated the tracker.

> BTW Does tagging
> the bugs as found/notfound update the affected versions at
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=693391

We don't update the Red Hat bugzilla, no :-)

Did you mean http://security-tracker.debian.org/tracker/CVE-2011-1486 ?

If you want to update version-specific entries (like "Squeeze is not
affected, since the code isn't there yet") simply use
http://security-tracker.debian.org/tracker/data/report

Alternatively we can also give you write access to the Debian Security
Tracker as described here:
http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#623222; Package libvirt. (Fri, 29 Apr 2011 19:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 29 Apr 2011 19:21:05 GMT) Full text and rfc822 format available.

Message #20 received at 623222@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 623222@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#623222: CVE-2011-1486: Error handling not thread-safe
Date: Fri, 29 Apr 2011 21:17:22 +0200
Hi Moritz,
On Wed, Apr 27, 2011 at 09:51:55PM +0200, Moritz Muehlenhoff wrote:
> Hi Guido,
> 
> > Just for the record: upstream's fix is in 0.9.0 already. 
> 
> Ok, I've updated the tracker.
> 
> > BTW Does tagging
> > the bugs as found/notfound update the affected versions at
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=693391
> 
> We don't update the Red Hat bugzilla, no :-)

I figure you don't. C'n'p screwup, sorry.

> Did you mean http://security-tracker.debian.org/tracker/CVE-2011-1486 ?
Exactly.

> If you want to update version-specific entries (like "Squeeze is not
> affected, since the code isn't there yet") simply use
> http://security-tracker.debian.org/tracker/data/report

Great thanks!

> Alternatively we can also give you write access to the Debian Security
> Tracker as described here:
> http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0

I'll have a look.
Cheers,
 -- Guido




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#623222; Package libvirt. (Tue, 12 Jul 2011 21:27:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Tue, 12 Jul 2011 21:27:11 GMT) Full text and rfc822 format available.

Message #25 received at 623222@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 623222@bugs.debian.org
Subject: Re: Bug#623222: CVE-2011-1486: Error handling not thread-safe
Date: Tue, 12 Jul 2011 23:25:34 +0200
[Message part 1 (text/plain, inline)]
On Mon, Apr 18, 2011 at 03:45:06PM +0200, Moritz Muehlenhoff wrote:
> Package: libvirt
> Severity: important
> Tags: security
> 
> Hi,
> please see https://bugzilla.redhat.com/show_bug.cgi?id=693391
> and https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html
> 
> This doesn't seem grave enough to warrant a DSA, it could either
> be fixed through s-p-u or coupled with a possible future DSA
> for libvirt.

Attached is a fix for stable.
 -- Guido
[0002-Make-error-reporting-in-libvirtd-thread-safe.patch (text/x-diff, attachment)]

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Tue, 19 Jul 2011 20:03:10 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 19 Jul 2011 20:03:10 GMT) Full text and rfc822 format available.

Message #30 received at 623222-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 623222-close@bugs.debian.org
Subject: Bug#623222: fixed in libvirt 0.8.3-5+squeeze2
Date: Tue, 19 Jul 2011 20:00:18 +0000
Source: libvirt
Source-Version: 0.8.3-5+squeeze2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt-bin_0.8.3-5+squeeze2_i386.deb
libvirt-dev_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt-dev_0.8.3-5+squeeze2_i386.deb
libvirt-doc_0.8.3-5+squeeze2_all.deb
  to main/libv/libvirt/libvirt-doc_0.8.3-5+squeeze2_all.deb
libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
libvirt0_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt0_0.8.3-5+squeeze2_i386.deb
libvirt_0.8.3-5+squeeze2.debian.tar.gz
  to main/libv/libvirt/libvirt_0.8.3-5+squeeze2.debian.tar.gz
libvirt_0.8.3-5+squeeze2.dsc
  to main/libv/libvirt/libvirt_0.8.3-5+squeeze2.dsc
python-libvirt_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/python-libvirt_0.8.3-5+squeeze2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 623222@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 13 Jul 2011 20:32:22 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.8.3-5+squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 623222 633630
Changes: 
 libvirt (0.8.3-5+squeeze2) stable-security; urgency=low
 .
   * [ac67c93] CVE-2011-1486: Make error reporting in libvirtd thread safe
     (Closes: #623222)
   * [eafb3d8] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus
     (Closes: #633630)
Checksums-Sha1: 
 612aec4fb52c4a37ebe29da5ed764ca46441dd6b 1910 libvirt_0.8.3-5+squeeze2.dsc
 5f66c739c7ccdb0570391d1068b0f4328e3c962c 36665 libvirt_0.8.3-5+squeeze2.debian.tar.gz
 09c2f167f3328e6250d4c0eb66f6e44bc903d68d 1120066 libvirt-doc_0.8.3-5+squeeze2_all.deb
 f63221e799ffdbf3ff3aa9f3b722d8bc428c08e1 1022934 libvirt-bin_0.8.3-5+squeeze2_i386.deb
 1dca52c4eb8791c8f9708d543035a8bcc522b381 955230 libvirt0_0.8.3-5+squeeze2_i386.deb
 63fd122e8a5f85b7be23c3a138988c43187cdb5b 3046518 libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 859920380a64ae299e6be5fd4992050009efa259 1176804 libvirt-dev_0.8.3-5+squeeze2_i386.deb
 b9fee74eb56130f0edfdaf1981bab756d4e4c315 440234 python-libvirt_0.8.3-5+squeeze2_i386.deb
Checksums-Sha256: 
 1dd3353f681f461715f070e9aeb76a123d96d5db3c8cd288345c910bb139f292 1910 libvirt_0.8.3-5+squeeze2.dsc
 0017f45875038570c7c5dade0f6f65150c86649eeaad0643331ea433f3fadc38 36665 libvirt_0.8.3-5+squeeze2.debian.tar.gz
 1f65fc9bb93af4505144f311a0607681a22d8cba5ef9121749889d162a947736 1120066 libvirt-doc_0.8.3-5+squeeze2_all.deb
 9e4c43002eba19ec694e2cb35f684f63ce76083e4016e2881bc2140f44cf0976 1022934 libvirt-bin_0.8.3-5+squeeze2_i386.deb
 67dd72a45528461a97f15015fa8472560d80b3c7a5cc1710ae22f86920a345d6 955230 libvirt0_0.8.3-5+squeeze2_i386.deb
 4b596b3bf584e29818a528df9cab788beaec273247eea53f10101e6c34f1f6d6 3046518 libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 cedfe972c987c659e73d5a25a0da1a412c333d7347bbaf0a82b281f04e12de4f 1176804 libvirt-dev_0.8.3-5+squeeze2_i386.deb
 e6512eda17b4e7f418f707d6e2d9825992af3af9a1d09dde7e72840467bd91a2 440234 python-libvirt_0.8.3-5+squeeze2_i386.deb
Files: 
 6ed4c950f68e03ea10e2631a8c406b40 1910 libs optional libvirt_0.8.3-5+squeeze2.dsc
 d3983d7de34e8a42692118db83b6bd79 36665 libs optional libvirt_0.8.3-5+squeeze2.debian.tar.gz
 3f4ae27e7a6e605a5d7bf85118ef326d 1120066 doc optional libvirt-doc_0.8.3-5+squeeze2_all.deb
 ea046ebf07198a6ff7b197c387e64092 1022934 admin optional libvirt-bin_0.8.3-5+squeeze2_i386.deb
 134d3387a30d9acbc01bf0852bfff67a 955230 libs optional libvirt0_0.8.3-5+squeeze2_i386.deb
 4872315a9e1dcb7b9ba2c2aedce0d8f8 3046518 debug extra libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 5aafaca4b04abd96d61e1a56dcbe11c5 1176804 libdevel optional libvirt-dev_0.8.3-5+squeeze2_i386.deb
 efca68131ea54e55cfbf22145cda09a6 440234 python optional python-libvirt_0.8.3-5+squeeze2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOId+Un88szT8+ZCYRAsy0AJ9oZIY0Yr8hFTViF4QXWtHywOyDsACdFMLg
OgqSRdNhPjLqO9zNULMfOyA=
=SjLM
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 01 Oct 2011 07:34:34 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 18:01:32 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.