Libvirt Security Notice: LSN-2013-0005
        ======================================

       Summary: Crash after querying vCPU count from guest agent
   Reported on: 20130716
  Published on: 20130716
      Fixed on: 20130716
   Reported by: Peter Krempa <pkrempa@redhat.com>
    Patched by: Peter Krempa <pkrempa@redhat.com>
      See also: CVE-2013-4153

Description
-----------

When processing the response to a vCPU count query from the guest
agent, a JSON object would be freed twice. This could result in a
crash of the libvirtd daemon.

Impact
------

A user with permission to query the VCPU count could crash the
libvirtd daemon resulting in a denial of service.

Workaround
----------

Prevent untrusted users from accessing libvirtd

Affected product
----------------

        Name: libvirt
  Repository: https://gitlab.com/libvirt/libvirt

      Branch: master
   Broken in: v1.1.0
    Fixed in: v1.1.1
   Broken by: 3099c063e348fdc79a900f88bcfc5389dada7786
    Fixed by: dfc692350a04a70b4ca65667c30869b3bfdaf034

      Branch: v1.1.0-maint
   Broken by: 3099c063e348fdc79a900f88bcfc5389dada7786
    Fixed by: cafcec2f5b0c9ff1dc573d798933ae453a15fa29