Libvirt Security Notice: LSN-2013-0004

Crash in libvirtd registering events

Lifecycle

Reported on:	20130702
Published on:	20130710
Fixed on:	20130710

Credits

Reported by:	Ján Tomko
Patched by:	Ján Tomko

See also

CVE-2013-2230

Description

When callbacks are registered for multiple different events, the libvirtd daemon could crash

Impact

A readonly user can cause the libvirtd daemon to crash resulting in a denial of service.

Workaround

Prevent untrusted users from accessing libvirtd

Affected product: libvirt

Branch	master
Broken in:	v1.1.0
Fixed in:	v1.1.1
Broken by:	abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by:	f38c8185f97720ecae7ef2291fbaa5d6b0209e17

Branch	v1.1.0-maint
Broken by:	abf75aea247ef6e432e5a51bcdb21972e50a4cd1
Fixed by:	0b0b662059c8c87354d8417216baec1af3abc07c

Alternative formats: [xml] [text]