PublicDateAtUSN: 2014-05-07
Candidate: CVE-2013-7336
PublicDate: 2014-05-07 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7336
 http://www.redhat.com/archives/libvir-list/2013-September/msg01208.html
 http://security.libvirt.org/2013/0021.html
 https://ubuntu.com/security/notices/USN-2209-1
Description:
 The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt
 before 1.1.3 does not properly enter a monitor when performing seamless
 SPICE migration, which allows local users to cause a denial of service
 (NULL pointer dereference and libvirtd crash) by causing domblkstat to be
 called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1009886
Priority: medium
Discovered-by: Marian Krcmarik
Assigned-to: mdeslaur
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=fea2550974137918c2bc9e01f3eb00421585450c (1.1.1)
upstream_libvirt: released (1.1.4-1)
lucid_libvirt: not-affected (code not present)
precise_libvirt: not-affected (code not present)
quantal_libvirt: not-affected (code not present)
saucy_libvirt: released (1.1.1-0ubuntu8.11)
trusty_libvirt: not-affected (1.2.2-0ubuntu4)
trusty/esm_libvirt: not-affected (1.2.2-0ubuntu4)
devel_libvirt: not-affected (1.2.2-0ubuntu4)