Libvirt Security Notice Index > 2013 > LSN-2013-0004 [xml] [text]

Libvirt Security Notice: LSN-2013-0004

Crash in libvirtd registering events

Lifecycle

Reported on:	20130702
Published on:	20130710
Fixed on:	20130710

Credits

Reported by:	Ján Tomko
Patched by:	Ján Tomko

See also

CVE-2013-2230

Description

When callbacks are registered for multiple different events, the libvirtd daemon could crash

Impact

A readonly user can cause the libvirtd daemon to crash resulting in a denial of service.

Workaround

Prevent untrusted users from accessing libvirtd

Affected product: libvirt

Branch: master

Broken in:: v1.1.0
Fixed in:: v1.1.1
Broken by:: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by:: f38c8185f97720ecae7ef2291fbaa5d6b0209e17

Branch: v1.1.0-maint

Broken in:
Fixed in:
Broken by:: abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by:: 0b0b662059c8c87354d8417216baec1af3abc07c

Alternative formats: [xml] [text]

Home

Website (via DuckDuckGo) Wiki (via DuckDuckGo) Developers list Users list

Contact

email
irc

Community

Contribute

edit this page

Participants in the libvirt project agree to abide by the project code of conduct