PublicDateAtUSN: 2015-09-16
Candidate: CVE-2015-5247
PublicDate: 2016-04-14 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5247
 http://security.libvirt.org/2015/0003.html
 https://ubuntu.com/security/notices/USN-2867-1
Description:
 The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows
 remote authenticated users with a read-write connection to cause a denial
 of service (libvirtd crash) by triggering a failed unlink after creating a
 volume on a root_squash NFS pool.
Ubuntu-Description:
Notes:
 tyhicks> affects 1.2.14 to 1.2.19
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799132
Priority: low
Discovered-by: Han Han
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9e48400f4606bac16b7e4db195f610928c3d5a04 (1.2.16)
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2f4b41861c1729ff4b754986782d7428ccdca455 (1.2.16)
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=7f0505705c70f7eb1e435a2e7732d1a74abfadfd (1.2.16)
upstream_libvirt: needed
precise_libvirt: not-affected
trusty_libvirt: not-affected
trusty/esm_libvirt: not-affected
vivid_libvirt: not-affected (1.2.12-0ubuntu14.2)
wily_libvirt: released (1.2.16-2ubuntu11.15.10.2)
devel_libvirt: not-affected (1.2.21-2ubuntu4)