thr3ads.net - Secure testing team - [Secure-testing-team] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus [Jul 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Salvatore Bonaccorso

2011-Jul-12 10:29 UTC

[Secure-testing-team] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

Source: libvirt
Version: 0.9.2
Severity: important
Tags: security

Hi Guido

In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
the patch applied by upstream. Can/should there be an update to for
stable (if affected?).

 [1] http://www.securityfocus.com/bid/48478/info
 [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
 [3] http://security-tracker.debian.org/CVE-2011-2511

Regards
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Secure testing team - Jul 2011 - Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

[Secure-testing-team] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus