Candidate: CVE-2014-8131
PublicDate: 2015-01-06 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8131
 https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html
 https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html
 http://security.libvirt.org/2014/0008.html
Description:
 The qemu implementation of virConnectGetAllDomainStats in libvirt before
 1.2.11 does not properly handle locks when a domain is skipped due to ACL
 restrictions, which allows a remote authenticated users to cause a denial
 of service (deadlock or segmentation fault and crash) via a request to
 access the users does not have privileges to access.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Martin Kletzander
Assigned-to:
CVSS: 

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57023c0a3af4af1c547189c1f6712ed5edeb0c0b
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=cb104ef734dfea12cb8826dba7e2c98912c4b7e1
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=27431ec96e617f186bd3f5900aeb7d622770533a (1.8)
upstream_libvirt: released (1.2.11)
lucid_libvirt: not-affected (code not present)
precise_libvirt: not-affected (code not present)
trusty_libvirt: not-affected (code not present)
trusty/esm_libvirt: not-affected (code not present)
utopic_libvirt: ignored (reached end-of-life)
vivid_libvirt: not-affected (1.2.12-0ubuntu14.2)
devel_libvirt: not-affected (1.2.16-2ubuntu9)