Libvirt Security Notice: LSN-2013-0006 ====================================== Summary: Crash of libvirtd without guest agent active Reported on: 20130716 Published on: 20130716 Fixed on: 20130716 Reported by: Alex Jia Patched by: Alex Jia See also: CVE-2013-4154 Description ----------- If the qemu guest agent service is not present in a guest then the libvirtd daemon will crash on a NULL pointer when trying to run guest agent related commands. Impact ------ A user with the permission to invoke APIs which talk to the guest agent will be able to crash the libvirtd daemon leading to a denial of service. Workaround ---------- Prevent untrusted users from executing APIs which talk to the guest agent by removing their ability to connect to libvirtd or deny the permission bits in the access control policy. Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v1.1.0 Fixed in: v1.1.1 Broken by: d47eff88fe50e43a36671f6d8d0eeda52835d5e0 Fixed by: 96518d4316b711c72205117f8d5c967d5127bbb6 Branch: v1.1.0-maint Broken by: d47eff88fe50e43a36671f6d8d0eeda52835d5e0 Fixed by: a0f8c42b936c44c7e328ce774a8952dcc2f6afc6