PublicDateAtUSN: 2014-01-24
Candidate: CVE-2014-0028
PublicDate: 2014-01-24 18:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0028
 http://security.libvirt.org/2014/0002.html
 https://ubuntu.com/security/notices/USN-2093-1
Description:
 libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass
 the domain:getattr and connect:search_domains restrictions in ACLs and
 obtain sensitive domain object information via a request to the (1)
 virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny
 functions in the event registration API.
Ubuntu-Description: 
Notes: 
 mdeslaur> introduced in 1.1.1
Bugs: 
Priority: medium
Discovered-by: Eric Blake
Assigned-to: mdeslaur
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9f56340539d609cdc2e9d4ab812b9f146c3f100
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=1d0e4fbf9572ad34045a4f9d87601297a5244c38 (1.1.1)
upstream_libvirt: released (1.2.1)
lucid_libvirt: not-affected
precise_libvirt: not-affected
quantal_libvirt: not-affected
raring_libvirt: ignored (reached end-of-life)
saucy_libvirt: released (1.1.1-0ubuntu8.5)
devel_libvirt: not-affected (1.2.1-0ubuntu2)