Описание
ELSA-2013-0199: libvirt security update (IMPORTANT)
[libvirt-0.9.10-21.0.1.el6_3.8]
- Replace docs/et.png in tarball with blank image
[0.9.10-21.el6_3.8]
- rpc: Fix crash on error paths of message dispatching (CVE-2013-0170)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
libvirt
0.9.10-21.0.1.el6_3.8
libvirt-client
0.9.10-21.0.1.el6_3.8
libvirt-devel
0.9.10-21.0.1.el6_3.8
libvirt-lock-sanlock
0.9.10-21.0.1.el6_3.8
libvirt-python
0.9.10-21.0.1.el6_3.8
Oracle Linux i686
libvirt
0.9.10-21.0.1.el6_3.8
libvirt-client
0.9.10-21.0.1.el6_3.8
libvirt-devel
0.9.10-21.0.1.el6_3.8
libvirt-python
0.9.10-21.0.1.el6_3.8
Связанные CVE
Связанные уязвимости
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Use-after-free vulnerability in the virNetMessageFree function in rpc/ ...
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.