PublicDateAtUSN: 2014-01-24
Candidate: CVE-2013-6457
PublicDate: 2014-01-24 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6457
 https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
 https://www.redhat.com/archives/libvir-list/2013-December/msg01176.html
 http://security.libvirt.org/2013/0019.html
 https://ubuntu.com/security/notices/USN-2093-1
Description:
 The libxlDomainGetNumaParameters function in the libxl driver
 (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize
 the nodemap, which allows local users to cause a denial of service (invalid
 free operation and crash) or possibly execute arbitrary code via an
 inactive domain to the virsh numatune command.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Dario Faggioli
Assigned-to: mdeslaur
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d5f89a6dd725baf8bca1f1e28f5b858bf0053a99 (1.1.1)
upstream_libvirt: released (1.2.1-1)
lucid_libvirt: not-affected
precise_libvirt: not-affected
quantal_libvirt: not-affected
raring_libvirt: not-affected
saucy_libvirt: released (1.1.1-0ubuntu8.5)
devel_libvirt: not-affected (1.2.1-0ubuntu2)