PublicDateAtUSN: 2014-01-24
Candidate: CVE-2014-1447
PublicDate: 2014-01-24 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447
 http://www.openwall.com/lists/oss-security/2014/01/14/2
 http://www.openwall.com/lists/oss-security/2014/01/15/1
 https://security.libvirt.org/2014/0001.html
 https://ubuntu.com/security/notices/USN-2093-1
Description:
 Race condition in the virNetServerClientStartKeepAlive function in libvirt
 before 1.2.1 allows remote attackers to cause a denial of service (libvirtd
 crash) by closing a connection before a keepalive response is sent.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, introduced in 0.9.8
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1047577
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735676
Priority: medium
Discovered-by: Jiri Denemark
Assigned-to: mdeslaur
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
upstream_libvirt: released (1.2.1-rc2)
lucid_libvirt: not-affected (0.7.5-5ubuntu27.24)
precise_libvirt: released (0.9.8-2ubuntu17.17)
quantal_libvirt: released (0.9.13-0ubuntu12.6)
raring_libvirt: ignored (reached end-of-life)
saucy_libvirt: released (1.1.1-0ubuntu8.5)
devel_libvirt: not-affected (1.2.1-0ubuntu2)