Candidate: CVE-2013-4399
PublicDate: 2014-12-12 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4399
Description:
 The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, introduced in 1.1.0
 mdeslaur> in fix-crash-in-libvirtd-when-events patch in saucy+
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1015214
Priority: medium
Discovered-by: Zhenfang Wang
Assigned-to: mdeslaur
CVSS:

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b
upstream_libvirt: released (1.1.3,1.1.1-0ubuntu7)
lucid_libvirt: not-affected
precise_libvirt: not-affected
quantal_libvirt: not-affected
raring_libvirt: not-affected (1.0.2-0ubuntu11.13.04.4)
saucy_libvirt: not-affected (1.1.1-0ubuntu8)
devel_libvirt: not-affected (1.1.1-0ubuntu9)