On Sat, Dec 28, 2013 at 3:18 PM, Doug Goldstein <cardoe@xxxxxxxxxx> wrote:
> On Tue, Dec 24, 2013 at 12:02 AM, Eric Blake <eblake@xxxxxxxxxx> wrote:
>> On 12/20/2013 11:36 AM, Jim Fehlig wrote:
>>> Dario Faggioli wrote:
>>>> by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
>>>> possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
>>>> happens, without having initialized the nodemap, and hence crashing after some
>>>> invalid free()-s:
>>>>
>>>
>>> Yikes! ACK to the fix. I've pushed it.
>>
>> This has been assigned CVE-6457; we'll get it tagged in libvirt.git and
>> make sure it is backported to relevant branches once I've got more time
>> (may be in 2014).
>>
>
> I'll help you out and get started on this. Family is in town around
> the holidays so no promises I'll get them all done if it's not too
> trivial.
>
> --
> Doug Goldstein

The fix has been back ported to:

v1.1.1-maint
v1.1.2-maint
v1.1.3-maint
v1.1.4-maint
v1.2.0-maint

This should cover all affected versions per Jim's analysis. Let me
know if anything further needs to be done.

--
Doug Goldstein

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
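
The ordering problem described in the quoted patch summary above, as an added example that is not part of the original thread and is not libvirt or libxl code. The `bitmap` type, the function names, the `domain_active` early exit and the 0xAA fill are hypothetical stand-ins, and a bad pointer is counted instead of passed to free() so the demo runs safely.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a libxl_bitmap-style type; not libxl's definition. */
typedef struct { unsigned size; unsigned char *map; } bitmap;

static int invalid_frees;   /* dispose calls that saw a garbage pointer */
static void *live;          /* the one allocation this demo tracks */

static void bitmap_init(bitmap *b) { memset(b, 0, sizeof(*b)); }

static int bitmap_alloc(bitmap *b, unsigned n) {
    b->map = calloc(n, 1);
    if (!b->map) return -1;
    b->size = n;
    live = b->map;
    return 0;
}

/* Like a real dispose, trusts b->map; a bad pointer is counted, not freed. */
static void bitmap_dispose(bitmap *b) {
    if (b->map == NULL) return;
    if (b->map == live) { free(b->map); live = NULL; }
    else invalid_frees++;   /* real code would call free() on garbage here */
    bitmap_init(b);
}

/* init_first = 0 models the buggy ordering: an early failure (assumed here to
 * be an inactive domain) jumps to cleanup before the bitmap is initialized. */
int get_numa_params(int domain_active, int init_first) {
    bitmap nodemap;
    int ret = -1;
    memset(&nodemap, 0xAA, sizeof(nodemap));  /* constructed "stack garbage" */
    if (init_first) bitmap_init(&nodemap);    /* fix: init as soon as possible */
    if (!domain_active) goto cleanup;         /* early exit path */
    if (!init_first) bitmap_init(&nodemap);   /* too late for the early exit */
    if (bitmap_alloc(&nodemap, 8) < 0) goto cleanup;
    ret = 0;
cleanup:
    bitmap_dispose(&nodemap);
    return ret;
}

/* Returns how many invalid frees one call would have attempted. */
int count_invalid_frees(int domain_active, int init_first) {
    invalid_frees = 0;
    get_numa_params(domain_active, init_first);
    return invalid_frees;
}
```

Only the early-exit path with late initialization reaches dispose with a garbage pointer; initializing first makes every path to `cleanup:` safe.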