CVE-2014-1447

Priority
Medium
Description
Race condition in the virNetServerClientStartKeepAlive function in libvirt
before 1.2.1 allows remote attackers to cause a denial of service (libvirtd
crash) by closing a connection before a keepalive response is sent.
References
Bugs
Notes
jdstrand> per upstream, introduced in 0.9.8
Assigned-to
mdeslaur
Package
Upstream:released (1.2.1-rc2)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (0.7.5-5ubuntu27.24)
Ubuntu 12.04 LTS (Precise Pangolin):released (0.9.8-2ubuntu17.17)
Ubuntu 12.10 (Quantal Quetzal):released (0.9.13-0ubuntu12.6)
Ubuntu 13.10 (Saucy Salamander):released (1.1.1-0ubuntu8.5)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.2.1-0ubuntu2)
Patches:
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-30 21:14:38 UTC (commit 7696)