advisories/10345.adv

ID: MGASA-2013-0166
pubtime: 1370521473
type: security
src:
  3:
   core:
     - libvirt-1.0.2-7.1.mga3
CVE:
  - CVE-2013-1962
subject: Updated libvirt packages fix security vulnerability
description: |
  It was found that libvirtd leaked file descriptors when listing all volumes
  for a particular pool. A remote attacker able to establish a read-only
  connection to libvirtd could use this flaw to cause libvirtd to consume all
  available file descriptors, preventing other users from using libvirtd
  services (such as starting a new guest) until libvirtd is restarted
  (CVE-2013-1962).
references:
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
 - https://rhn.redhat.com/errata/RHSA-2013-0831.html
 - https://bugs.mageia.org/show_bug.cgi?id=10345
1	boklm	10	ID: MGASA-2013-0166
2			pubtime: 1370521473
3			type: security
4			src:
5			3:
6			core:
7			- libvirt-1.0.2-7.1.mga3
8			CVE:
9			- CVE-2013-1962
10			subject: Updated libvirt packages fix security vulnerability
11			description: \|
12			It was found that libvirtd leaked file descriptors when listing all volumes
13			for a particular pool. A remote attacker able to establish a read-only
14			connection to libvirtd could use this flaw to cause libvirtd to consume all
15			available file descriptors, preventing other users from using libvirtd
16			services (such as starting a new guest) until libvirtd is restarted
17			(CVE-2013-1962).
18			references:
19			- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
20			- https://rhn.redhat.com/errata/RHSA-2013-0831.html
21			- https://bugs.mageia.org/show_bug.cgi?id=10345