CVE-2013-0170
Publication date 28 January 2013
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Status
Package | Ubuntu Release | Status |
---|---|---|
libvirt | 12.10 quantal |
Fixed 0.9.13-0ubuntu12.2
|
12.04 LTS precise |
Fixed 0.9.8-2ubuntu17.7
|
|
11.10 oneiric |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Ignored end of life |
Notes
Patch details
Package | Patch details |
---|---|
libvirt |
References
Related Ubuntu Security Notices (USN)
- USN-1708-1
- libvirt vulnerabilities
- 29 January 2013