On 09/27/2013 09:26 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>
> When a client disconnects from libvirtd, all event callbacks
> must be removed. This involves running the public API
>
>   virConnectDomainEventDeregisterAny
>
> This code does not run in normal API dispatch context, so no
> identity was set. The result was that the access control drivers
> denied the attempt to deregister callbacks. The callbacks thus
> continued to trigger after the client was free'd causing fairly
> predictable use of free memory & a crash.
>
> This can be triggered by any client with readonly access when
> the ACL drivers are active.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  daemon/remote.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> NB, this bug is a publicly reported security flaw and I'll be
> backporting it to other stable branches. A CVE will be assigned
> soon and will notify when that info is available.

This has been assigned CVE-2013-4399.  Tag now pushed.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
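A simplified C model of the failure described in the quoted commit message, added here as an illustration and not taken from libvirt or from the patch. Every name in it (`deregister_api`, `current_identity`, the `freed` flag standing in for `free()`) is hypothetical; it contrasts a disconnect path whose deregistration is denied for lack of an identity with one that sets an identity and checks the result.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model: every name here is hypothetical, not libvirt's. */
typedef struct { bool freed; } client;
typedef struct { client *owner; bool active; } callback;
static callback registry[4];
static const client *current_identity; /* normally set by API dispatch */
static void remove_callbacks(client *c) {     /* internal path, no ACL */
    for (int i = 0; i < 4; i++)
        if (registry[i].owner == c) registry[i].active = false;
}

/* Public API path: the access check needs an identity to evaluate. */
static int deregister_api(client *c) {
    if (current_identity == NULL) return -1;  /* denied: nobody to authorize */
    remove_callbacks(c);
    return 0;
}

static void disconnect_vulnerable(client *c) {
    deregister_api(c);       /* outside dispatch: denied, result ignored */
    c->freed = true;         /* stands in for free(c) */
}

static void disconnect_hardened(client *c) {
    const client *saved = current_identity;
    current_identity = c;    /* clean up under the departing client's identity */
    if (deregister_api(c) < 0)
        remove_callbacks(c); /* never release a client with live callbacks */
    current_identity = saved;
    c->freed = true;
}

/* Number of callbacks that would still fire into a released client. */
static int dangling_after_disconnect(bool hardened) {
    static client c;
    c.freed = false;
    current_identity = NULL; /* cleanup runs outside API dispatch */
    registry[0] = (callback){ &c, true };
    if (hardened) disconnect_hardened(&c); else disconnect_vulnerable(&c);
    int n = 0;
    for (int i = 0; i < 4; i++)
        if (registry[i].active && registry[i].owner->freed) n++;
    return n;
}

int main(void) {
    printf("vulnerable: %d, hardened: %d dangling callbacks\n",
           dangling_after_disconnect(false), dangling_after_disconnect(true));
}
```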
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list