CVE-2014-0028

Priority
Medium
Description
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass
the domain:getattr and connect:search_domains restrictions in ACLs and
obtain sensitive domain object information via a request to the (1)
virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny
functions in the event registration API.
References
Notes
mdeslaur> introduced in 1.1.1
Assigned-to
mdeslaur
Package
Upstream:released (1.2.1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):released (1.1.1-0ubuntu8.5)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.2.1-0ubuntu2)
Patches:
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9f56340539d609cdc2e9d4ab812b9f146c3f100
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=1d0e4fbf9572ad34045a4f9d87601297a5244c38 (1.1.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-30 21:14:38 UTC (commit 7696)