Package: libguestfs Version: 1:1.20.6-4 Severity: important Tags: security patch upstream confirmed
LibguestFS upstream has issued the following patch[1] to correct a double-free flaw in the virt-inspector / other virt-* tools, which could lead to denial of service if some of the tools were used by 3rd party applications for inspection of untrusted guest files / images[2][3]. Information from oss-security[4]. 1: https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd 2: https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html 3: https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html 4: http://www.openwall.com/lists/oss-security/2013/05/29/2 --- Henri Salo
signature.asc
Description: Digital signature
