qemu-devel
Re: [Qemu-devel] oss-security - CVE-2014-3672 libvirt: DoS via excessive


From: Daniel P. Berrange
Subject: Re: [Qemu-devel] oss-security - CVE-2014-3672 libvirt: DoS via excessive logging
Date: Thu, 21 Jul 2016 09:55:35 +0100
User-agent: Mutt/1.6.1 (2016-04-27)

On Thu, Jul 21, 2016 at 02:24:43AM +0000, Xulei (Stone) wrote:
> Hi,
> 
> A CVE (CVE-2014-3672) vulnerability was reported in Xen.
> I want to know how to reproduce this CVE and whether the qemu-kvm was
> affected?
> 
> Hyperlink: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3672
> Hyperlink: http://www.openwall.com/lists/oss-security/2016/05/24/5

Yes, QEMU is affected, but we did not fix it at the QEMU layer. Instead
libvirt has introduced a virtlogd daemon to handle all writing of data
to files. So QEMU now merely writes to a pipe FD, and virtlogd takes care
of file rotation.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
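
An added illustration, not part of the message above and not libvirt's or virtlogd's code: a minimal logger that drains a pipe and rotates the output file, so that however much the writer emits, disk usage stays at or below `MAX_SIZE * (MAX_BACKUPS + 1)`. The names `MAX_SIZE`, `MAX_BACKUPS`, `rotate`, `drain_pipe`, `simulate_noisy_guest` and the file name `guest.log` are hypothetical, and the log line is constructed.

```python
import os
import threading

MAX_SIZE = 1024     # assumed per-file cap in bytes (constructed value)
MAX_BACKUPS = 2     # assumed number of rotated files kept (must be >= 1)

def rotate(path, max_backups):
    """Shift path.0 -> path.1 -> ...; the oldest backup is overwritten."""
    for i in range(max_backups - 2, -1, -1):
        if os.path.exists(f"{path}.{i}"):
            os.replace(f"{path}.{i}", f"{path}.{i + 1}")
    os.replace(path, f"{path}.0")

def drain_pipe(read_fd, path, max_size=MAX_SIZE, max_backups=MAX_BACKUPS):
    """Logger side: copy pipe data into path, never letting a file exceed max_size."""
    out = open(path, "ab")
    written = os.fstat(out.fileno()).st_size   # resume after an existing file
    while True:
        chunk = os.read(read_fd, 256)
        if not chunk:                          # writer closed its end of the pipe
            break
        while chunk:
            if written >= max_size:            # file is full: rotate before writing
                out.close()
                rotate(path, max_backups)
                out = open(path, "ab")
                written = 0
            room = max_size - written
            out.write(chunk[:room])
            written += len(chunk[:room])
            chunk = chunk[room:]               # remainder goes into the next file
    out.close()
    os.close(read_fd)

def simulate_noisy_guest(total_bytes, logdir):
    """Writer side stands in for an emulator flooding its log output.
    Returns the total bytes left on disk in logdir afterwards."""
    r, w = os.pipe()
    path = os.path.join(logdir, "guest.log")
    t = threading.Thread(target=drain_pipe, args=(r, path))
    t.start()
    line = b"constructed noisy device warning\n"   # constructed sample line
    sent = 0
    while sent < total_bytes:
        sent += os.write(w, line)              # the writer only ever sees a pipe
    os.close(w)
    t.join()
    return sum(os.path.getsize(os.path.join(logdir, f)) for f in os.listdir(logdir))
```

The writer never opens the log file itself, so the size policy is enforced entirely on the reading side of the pipe.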
