Libvirt Security Notice: LSN-2013-0005 ====================================== Summary: Crash after querying vCPU count from guest agent Reported on: 20130716 Published on: 20130716 Fixed on: 20130716 Reported by: Peter Krempa Patched by: Peter Krempa See also: CVE-2013-4153 Description ----------- When processing the response to a vCPU count query from the guest agent, a JSON object would be freed twice. This could result in a crash of the libvirtd daemon. Impact ------ A user with permission to query the VCPU count could crash the libvirtd daemon resulting in a denial of service. Workaround ---------- Prevent untrusted users from accessing libvirtd Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v1.1.0 Fixed in: v1.1.1 Broken by: 3099c063e348fdc79a900f88bcfc5389dada7786 Fixed by: dfc692350a04a70b4ca65667c30869b3bfdaf034 Branch: v1.1.0-maint Broken by: 3099c063e348fdc79a900f88bcfc5389dada7786 Fixed by: cafcec2f5b0c9ff1dc573d798933ae453a15fa29