Libvirt Security Notice: LSN-2017-0001
        ======================================

       Summary: libvirtd crashes in virConnectGetAllDomainStats
                with empty cdrom
   Reported on: 20170224
  Published on: 20170224
      Fixed on: 20170224
   Reported by: Peter Krempa <pkrempa@redhat.com>
    Patched by: Peter Krempa <pkrempa@redhat.com>
      See also: CVE-2017-2635

Description
-----------

When calling the virConnectGetAllDomainStats API on a guest which
has a CDROM drive with no media present, libvirtd will crash on a
NULL pointer access

Impact
------

An application can cause a denial of service by crashing libvirtd if
a guest has a CDROM drive with no media

Workaround
----------

Avoid calling the virConnectGetAllDomainStats API, or ensure all
CDROM drives have media inserted

Affected product
----------------

        Name: libvirt
  Repository: https://gitlab.com/libvirt/libvirt

      Branch: master
   Broken in: v3.0.0
    Fixed in: v3.1.0
   Broken by: c5f6151390ff0a8e65014172bb8c0a8d312c3353
    Fixed by: c3de387380f6057ee0e46cd9f2f0a092e8070875

      Branch: v3.0-maint
   Broken by: c5f6151390ff0a8e65014172bb8c0a8d312c3353