Libvirt Security Notice: LSN-2013-0007
======================================

       Summary: Crash listing inactive domains in Xen driver
   Reported on: 20130805
  Published on: 20130805
      Fixed on: 20130805
   Reported by: Jim Fehlig
    Patched by: Jim Fehlig
      See also: CVE-2013-4239

Description
-----------

The legacy Xen driver code for listing inactive domains would start
populating an array at index -1. This causes memory corruption leading
to a crash of libvirtd

Impact
------

An unprivileged user can crash libvirtd by requesting a list of
inactive domains on a Xen host

Workaround
----------

Prevent untrusted users from accessing libvirtd

Affected product
----------------

         Name: libvirt
   Repository: https://gitlab.com/libvirt/libvirt

       Branch: master
    Broken in: v1.1.1
     Fixed in: v1.1.2
    Broken by: 632180d14f4a4934436ee4c9ebd8f6b8feed671f
     Fixed by: 0e671a1646df543eab683b38f6644f70d12fbee1

       Branch: v1.1.1-maint
    Broken by: 632180d14f4a4934436ee4c9ebd8f6b8feed671f
     Fixed by: 673ff0d7ea937b104c67161843949e83b8080c3b
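
The bug class named in the Description (a list being populated starting at index -1), as an added illustration in C; this is not libvirt's code. The function names, the sample domain names, the guard-slot layout and the assumption that the index comes from a return value initialised to -1 are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration, not libvirt source. Assumption: the return
 * value is initialised to the error code -1 and then reused as the index. */
static int list_names_buggy(const char **names, int maxnames,
                            const char *const *src, int nsrc)
{
    int ret = -1;                       /* error default doubles as index */
    for (int i = 0; i < nsrc && ret < maxnames; i++)
        names[ret++] = src[i];          /* first store goes to names[-1] */
    return ret;
}

/* Hardened form: reject bad arguments, count from 0, bound every store. */
static int list_names_fixed(const char **names, int maxnames,
                            const char *const *src, int nsrc)
{
    if (names == NULL || src == NULL || maxnames < 0 || nsrc < 0)
        return -1;
    int count = 0;
    for (int i = 0; i < nsrc && count < maxnames; i++)
        names[count++] = src[i];
    return count;
}

/* Runs one variant against an array with a guard slot placed directly in
 * front of it, so the store to index -1 stays inside one allocation and is
 * observable. Returns 1 if the guard slot was overwritten, else 0. */
static int guard_clobbered(int use_fixed)
{
    static const char *const src[] = { "dom-a", "dom-b" };  /* constructed */
    static const char guard[] = "GUARD";
    const char *slots[1 + 4] = { guard, NULL, NULL, NULL, NULL };
    const char **names = slots + 1;     /* names[-1] aliases slots[0] */

    if (use_fixed)
        list_names_fixed(names, 4, src, 2);
    else
        list_names_buggy(names, 4, src, 2);
    return slots[0] != guard;
}

int main(void)
{
    printf("buggy: guard clobbered = %d\n", guard_clobbered(0));
    printf("fixed: guard clobbered = %d\n", guard_clobbered(1));
    return 0;
}
```

In a real caller there is no guard slot: the slot before the array belongs to allocator metadata or a neighbouring object, which is why the outcome is memory corruption and a daemon crash rather than a wrong count.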